From bfd752fe83c72f248a6905d971217e8a3e3a287d Mon Sep 17 00:00:00 2001 From: Eric Curtin Date: Mon, 3 Sep 2018 15:23:37 +0100 Subject: [PATCH] New openssl subject parser hard to debug -subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda@hpe.com' was a valid subject in openssl 1.0. Error received in 1.1 is: problems making Certificate Request Not very informative, I only figured this out because I compiled the code and added logging. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7098) (cherry picked from commit 2167640b0bf76ec50a397dd90444b97c242e3f04) --- apps/apps.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index d52201f1f3..a162b16060 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1707,8 +1707,14 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) char *work; X509_NAME *n; - if (*cp++ != '/') + if (*cp++ != '/') { + BIO_printf(bio_err, + "name is expected to be in the format " + "/type0=value0/type1=value1/type2=... where characters may " + "be escaped by \\. This name is not in that format: '%s'\n", + --cp); return NULL; + } n = X509_NAME_new(); if (n == NULL) -- 2.25.1