jeroen / openssl

OpenSSL bindings for R

Return X.509 cert subject in RFC2253 format #24

Closed gothub closed 8 years ago

gothub commented 8 years ago

When the dataone R package reads the subject from an X.509 cert, it needs to have the value returned in RFC2253 format. Currently

library(openssl)
cert <- read_cert("/tmp/x509up_u501")
as.list(cert)$subject

returns "DC=org, DC=cilogon, C=US, O=Google, CN=Peter Slaughter A10499", but what we need is "CN=Peter Slaughter A10499,O=Google,C=US,DC=cilogon,DC=org".

The openssl library can format the subject with a call like

X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, XN_FLAG_RFC2253)

(see line 616 https://github.com/NCEAS/PKIplus/blob/master/src/pki-x509.c)

Is it possible to add an argument to read_cert or have some other mechanism to convert the subject to RFC2253 format?

Related to https://github.com/DataONEorg/rdataone/issues/143

jeroen commented 8 years ago

This is controlled by the X509_NAME_print_ex flags parameter which is currently

X509_NAME_print_ex(b, name, 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB)

However I vaguely remember that I tried other flags and these gave some issues on older versions of libssl...

jeroen commented 8 years ago

Fixed @ https://github.com/jeroenooms/openssl/commit/994c030ac26514e22207f0a346a9dca725036ca8. I don't like having too many arguments so I made RFC2253 format the default.

I need to do some testing though to make sure this works as expected in OpenSSL 1.0.0, 1.0.1, 1.0.2.

jeroen commented 8 years ago

Checked this with Linux and Solaris, seems fine. So let's just use this format by default.
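
The two subject renderings discussed in this thread, as an added example that is not part of the thread or of the openssl package: a simplified Python model of the RFC 2253 string form (single-valued RDNs, backslash-character escapes only), showing the reversed RDN order and why code that consumes the subject for identity matching cannot split it on bare commas. The function names and the second subject are constructed for illustration.

```python
# Added example, not OpenSSL or R package code: simplified model of RFC 2253
# DN strings (assumes single-valued RDNs and backslash-character escapes only).

SPECIALS = set(',+"\\<>;')

def escape_value(value):
    """Escape one attribute value per RFC 2253 section 2.4."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in SPECIALS or edge else ch)
    return "".join(out)

def to_rfc2253(rdns):
    """rdns: (type, value) pairs in certificate encoding order."""
    return ",".join(f"{t}={escape_value(v)}" for t, v in reversed(rdns))

def to_oneline(rdns):
    """Encoding order with ', ' separators, as in the output first reported."""
    return ", ".join(f"{t}={v}" for t, v in rdns)

def parse_rfc2253(dn):
    """Split on unescaped commas only; returns pairs in encoding order."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])  # escaped character is taken literally
            i += 2
        elif dn[i] == ",":
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(dn[i])
            i += 1
    parts.append("".join(buf))
    return list(reversed([tuple(p.split("=", 1)) for p in parts]))

# Subject from the issue, in the order the original output listed it.
ISSUE_SUBJECT = [("DC", "org"), ("DC", "cilogon"), ("C", "US"),
                 ("O", "Google"), ("CN", "Peter Slaughter A10499")]
# Constructed subject whose values need escaping.
CONSTRUCTED = [("C", "US"), ("O", "Example, Inc."), ("CN", "#1 admin ")]

if __name__ == "__main__":
    print(to_oneline(ISSUE_SUBJECT))
    print(to_rfc2253(ISSUE_SUBJECT))
    print(to_rfc2253(CONSTRUCTED), parse_rfc2253(to_rfc2253(CONSTRUCTED)))
```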