Add '-ext' option to display extensions in 'x509'

This is to address issue #3932. Support comma-separated string
to specify what extensions to be displayed.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4016)

Remove redundant variable

[to be squashed]

1 files changed, 15 insertions, 0 deletions

diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 68fbf81f67..0b7956048c 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -53,6 +53,7 @@ B<openssl> B<x509>
 [B<-CAserial filename>]
 [B<-force_pubkey key>]
 [B<-text>]
+[B<-ext extensions>]
 [B<-certopt option>]
 [B<-C>]
 [B<-[digest]>]
@@ -157,6 +158,12 @@ Prints out the certificate in text form. Full details are output including the
 public key, signature algorithms, issuer and subject names, serial number
 any extensions present and any trust settings.
 
+=item B<-ext extensions>
+
+Prints out the certificate extensions in text form. Extensions are specified
+with a comma separated string, e.g., "subjectAltName,subjectKeyIdentifier".
+See the L<x509v3_config(5)> manual page for the extension names.
+
 =item B<-certopt option>
 
 Customise the output format used with B<-text>. The B<option> argument
@@ -692,6 +699,14 @@ Display the contents of a certificate:
 
  openssl x509 -in cert.pem -noout -text
 
+Display the "Subject Alternative Name" extension of a certificate:
+
+ openssl x509 -in cert.pem -noout -ext subjectAltName
+
+Display the more extensions of a certificate:
+
+ openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
+
 Display the certificate serial number:
 
  openssl x509 -in cert.pem -noout -serial