Closed hrbrmstr closed 5 years ago
Can we just make the default XN_FLAG_SEP_SPLUS_SPC? Or does that also have downsides? I'm not a fan of introducing global options if we can find a better default, or at most make it an argument of as.list().
Do you have an example of a cert that has this problem so that I can test it?
I vaguely remember that the multiline format was messing up non ascii certs. The manual page says this:
Although there are a large number of possible flags for most purposes XN_FLAG_ONELINE, XN_FLAG_MULTILINE or XN_FLAG_RFC2253 will suffice. As noted on the ASN1_STRING_print_ex(3) manual page for UTF8 terminals the ASN1_STRFLGS_ESC_MSB should be unset:
I'll run some tests on the "ugh" certs with that change this week (I can upload those as well). I def grok/sympathize with not wanting to use options. I more suggested it to avoid breaking anyone's existing code if they're doing something similar.
(Re: the second comment) Aye. Def know that reference. And, it's unfortunate that causes issues b/c it's a handy quick fix to avoid pulling out those fields manually in C code (which is the super ugly option).
On Jul 15, 2019, at 6:24 PM, Jeroen Ooms notifications@github.com wrote:
Can we just make the default XN_FLAG_SEP_SPLUS_SPC? Or does that also have downsides? I'm not a fan of introducing global options if we can find a better default.
There are too many formatting flags to expose them one by one. Given that you are the only person that will use this, I exposed this in the simplest possible way to just pass the integer with the format flag.
So you'll probably want some combination of these values:
```c
# define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)    /* RFC2253 ,+ */
# define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)    /* ,+ spaced: more readable */
# define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)    /* ;+ spaced */
# define XN_FLAG_SEP_MULTILINE   (4 << 16)    /* One line per field */

# define XN_FLAG_DN_REV          (1 << 20)    /* Reverse DN order */

/* How the field name is shown */

# define XN_FLAG_FN_MASK         (0x3 << 21)

# define XN_FLAG_FN_SN           0            /* Object short name */
# define XN_FLAG_FN_LN           (1 << 21)    /* Object long name */
# define XN_FLAG_FN_OID          (2 << 21)    /* Always use OIDs */
# define XN_FLAG_FN_NONE         (3 << 21)    /* No field names */

# define XN_FLAG_SPC_EQ          (1 << 23)    /* Put spaces round '=' */

/*
 * This determines if we dump fields we don't recognise: RFC2253 requires
 * this.
 */

# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)

# define XN_FLAG_FN_ALIGN        (1 << 25)    /* Align field names to 20
                                               * characters */

/* Complete set of RFC2253 flags */

# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
                        XN_FLAG_SEP_COMMA_PLUS | \
                        XN_FLAG_DN_REV | \
                        XN_FLAG_FN_SN | \
                        XN_FLAG_DUMP_UNKNOWN_FIELDS)

/* readable oneline form */

# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
                        ASN1_STRFLGS_ESC_QUOTE | \
                        XN_FLAG_SEP_CPLUS_SPC | \
                        XN_FLAG_SPC_EQ | \
                        XN_FLAG_FN_SN)

# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
                        ASN1_STRFLGS_ESC_MSB | \
                        XN_FLAG_SEP_MULTILINE | \
                        XN_FLAG_SPC_EQ | \
                        XN_FLAG_FN_LN | \
                        XN_FLAG_FN_ALIGN)
```
This is on CRAN now.
It's somewhat problematic to split issuer and subject as <comma><space> seems to be "a thing" now in the values for the individual fields. XN_FLAG_SEP_SPLUS_SPC & ~ASN1_STRFLGS_ESC_MSB would help compensate for that since semicolons are far less frequent as are <semicolon><space> instances.

Proposal (I can PR this) is to add a SEXP semicolon (or whatever you'd like the flag to be) toggle in R_cert_info that would note to use XN_FLAG_SEP_SPLUS_SPC & ~ASN1_STRFLGS_ESC_MSB vs XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB. Multiline wld be even better but I saw the comment abt it being problematic.

That would then require something like adding semicolon = getOption("OPENSSL_SEP_SEMICOLON", default = FALSE) to the unexported cert_info() function since it's not exported and only called internally.

Cld use an env var vs option. Cld also expose the function and formalize the param.

I've got ^^ ready in a PR but can change it to support whatever the desired approach is.
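Since the flag is passed as a plain integer, it helps to see what a given value actually switches on. The following is an added example, not code from this thread or from the openssl package: it rebuilds the integers from the definitions quoted above and decodes any flag value back into its parts. The `ASN1_STRFLGS_*` numbers and the separator mask are taken from OpenSSL's headers rather than from this page, and `describe` is a hypothetical helper name.

```python
# ASN1_STRFLGS_* values come from OpenSSL's asn1.h (not shown in the thread).
ESC_2253, ESC_CTRL, ESC_MSB, ESC_QUOTE = 0x1, 0x2, 0x4, 0x8
UTF8_CONVERT, DUMP_UNKNOWN, DUMP_DER = 0x10, 0x100, 0x200
ASN1_STRFLGS_RFC2253 = (ESC_2253 | ESC_CTRL | ESC_MSB | UTF8_CONVERT
                        | DUMP_UNKNOWN | DUMP_DER)

# XN_FLAG_* values exactly as quoted in the thread.
SEP_COMMA_PLUS, SEP_CPLUS_SPC, SEP_SPLUS_SPC, SEP_MULTILINE = (
    n << 16 for n in (1, 2, 3, 4))
DN_REV, FN_LN, SPC_EQ = 1 << 20, 1 << 21, 1 << 23
DUMP_UNKNOWN_FIELDS, FN_ALIGN = 1 << 24, 1 << 25
XN_FLAG_RFC2253 = (ASN1_STRFLGS_RFC2253 | SEP_COMMA_PLUS | DN_REV
                   | DUMP_UNKNOWN_FIELDS)
XN_FLAG_ONELINE = ASN1_STRFLGS_RFC2253 | ESC_QUOTE | SEP_CPLUS_SPC | SPC_EQ
XN_FLAG_MULTILINE = (ESC_CTRL | ESC_MSB | SEP_MULTILINE | SPC_EQ
                     | FN_LN | FN_ALIGN)

SEP_MASK = 0xF << 16  # XN_FLAG_SEP_MASK in x509.h (not quoted above)
FN_MASK = 0x3 << 21
SEPARATORS = {1: ",", 2: ", ", 3: "; ", 4: "\n"}
FIELD_NAMES = {0: "short name", 1: "long name", 2: "OID", 3: "none"}
STRING_FLAGS = {"ESC_2253": ESC_2253, "ESC_CTRL": ESC_CTRL,
                "ESC_MSB": ESC_MSB, "ESC_QUOTE": ESC_QUOTE,
                "UTF8_CONVERT": UTF8_CONVERT, "DUMP_UNKNOWN": DUMP_UNKNOWN,
                "DUMP_DER": DUMP_DER}


def describe(flags):
    """Decode an X509_NAME_print_ex flag integer into readable settings."""
    return {
        # None means no separator bits are set at all.
        "separator": SEPARATORS.get((flags & SEP_MASK) >> 16),
        "reverse_dn": bool(flags & DN_REV),
        "field_name": FIELD_NAMES[(flags & FN_MASK) >> 21],
        "spaces_around_eq": bool(flags & SPC_EQ),
        "dump_unknown_fields": bool(flags & DUMP_UNKNOWN_FIELDS),
        "string_flags": sorted(n for n, b in STRING_FLAGS.items() if flags & b),
    }


# The two combinations proposed in the issue text.
SEMICOLON_VARIANT = SEP_SPLUS_SPC & ~ESC_MSB
RFC2253_VARIANT = XN_FLAG_RFC2253 & ~ESC_MSB

if __name__ == "__main__":
    for name, value in (("semicolon", SEMICOLON_VARIANT),
                        ("rfc2253", RFC2253_VARIANT),
                        ("multiline", XN_FLAG_MULTILINE)):
        print(name, value, describe(value))
```

Running it prints the integer for each combination next to the separator, DN order, field-name style and string-escaping flags it enables, so the two proposed variants can be compared on more than the separator alone.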