diff options
-rw-r--r-- | apps/apps.c | 6 | ||||
-rw-r--r-- | doc/apps/ca.pod | 6 | ||||
-rw-r--r-- | doc/apps/req.pod | 6 |
3 files changed, 14 insertions, 4 deletions
diff --git a/apps/apps.c b/apps/apps.c index a162b16060..94efa5ac05 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1770,6 +1770,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) opt_getprog(), typestr); continue; } + if (*valstr == '\0') { + BIO_printf(bio_err, + "%s: No value provided for Subject Attribute %s, skipped\n", + opt_getprog(), typestr); + continue; + } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, valstr, strlen((char *)valstr), -1, ismulti ? -1 : 0)) diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 9918a1364a..9885bb2392 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -243,8 +243,10 @@ for all available algorithms. =item B<-subj arg> supersedes subject name given in the request. -The arg must be formatted as I</type0=value0/type1=value1/type2=...>, -characters may be escaped by \ (backslash), no spaces are skipped. +The arg must be formatted as I</type0=value0/type1=value1/type2=...>. +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate. =item B<-utf8> diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 0a28aea707..00ec1a82bb 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -213,8 +213,10 @@ see L<openssl(1)/COMMAND SUMMARY>. sets subject name for new request or supersedes the subject name when processing a request. -The arg must be formatted as I</type0=value0/type1=value1/type2=...>, -characters may be escaped by \ (backslash), no spaces are skipped. +The arg must be formatted as I</type0=value0/type1=value1/type2=...>. +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request. =item B<-multivalue-rdn> |