From f1b3284f138f03dbf42b525c7f8178124b99e11f Mon Sep 17 00:00:00 2001 From: tb <> Date: Wed, 19 Mar 2025 11:18:38 +0000 Subject: Fix traditional SSLeay X509_NAME printing The gibberish that was there before the rewrite didn't actually skip names whose SN representation was different start with /O= or /OU= (with one or two capital letters between '/' and '='), it simply failed to separate them, resulting in nonsense such as CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu So ditch the code doing that, simplifying this now internal function quite a bit. ok jsing --- src/lib/libcrypto/asn1/a_strex.c | 30 +----------------------------- 1 file changed, 1 insertion(+), 29 deletions(-) diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c index 5523c22cc4..52e1b7db5d 100644 --- a/src/lib/libcrypto/asn1/a_strex.c +++ b/src/lib/libcrypto/asn1/a_strex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_strex.c,v 1.37 2025/03/09 15:17:22 tb Exp $ */ +/* $OpenBSD: a_strex.c,v 1.38 2025/03/19 11:18:38 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -565,31 +565,6 @@ do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent, return outlen; } -/* NID with SN of 1-2 letters, which X509_NAME_print() historically included. */ -static int -x509_name_entry_include(const X509_NAME_ENTRY *ne) -{ - int nid; - - if ((nid = OBJ_obj2nid(ne->object)) == NID_undef) - return 0; - - switch (nid) { - case NID_commonName: - case NID_surname: - case NID_countryName: - case NID_localityName: - case NID_stateOrProvinceName: - case NID_organizationName: - case NID_organizationalUnitName: - case NID_givenName: - case NID_domainComponent: /* XXX - doesn't really belong here */ - return 1; - } - - return 0; -} - static int X509_NAME_print(BIO *bio, const X509_NAME *name, int obase) { @@ -607,9 +582,6 @@ X509_NAME_print(BIO *bio, const X509_NAME *name, int obase) for (i = 0; i < sk_X509_NAME_ENTRY_num(name->entries); i++) { ne = sk_X509_NAME_ENTRY_value(name->entries, i); - if (!x509_name_entry_include(ne)) - continue; - if (started) { if (!CBB_add_u8(&cbb, ',')) goto err; -- cgit v1.2.3-55-g6feb