apps: allow empty attribute values with -subj
authorBenjamin Kaduk <bkaduk@akamai.com>
Thu, 4 Oct 2018 18:49:21 +0000 (13:49 -0500)
committerBen Kaduk <kaduk@mit.edu>
Mon, 8 Oct 2018 21:32:47 +0000 (16:32 -0500)
commit3d362f190306b62a17aa2fd475b2bc8b3faa8142
tree6017fdeece75ffebed1fa1de05193dc21ceb7814
parent4fef4981f8cc614559b86a06532b0eeac6ffd0d9
apps: allow empty attribute values with -subj

Historically (i.e., OpenSSL 1.0.x), the openssl applications would
allow for empty subject attributes to be passed via the -subj argument,
e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`.  Commit
db4c08f0194d58c6192f0d8311bf3f20e251cf4f applied a badly needed rewrite
to the parse_name() helper function that parses these strings, but
in the process dropped a check that would skip attributes with no
associated value.  As a result, such strings are now treated as
hard errors and the operation fails.

Restore the check to skip empty attribute values and restore
the historical behavior.

Document the behavior for empty subject attribute values in the
corresponding applications' manual pages.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7349)
apps/apps.c
doc/man1/ca.pod
doc/man1/req.pod
doc/man1/storeutl.pod