diff options
| -rw-r--r-- | apps/cmp.c | 3 | ||||
| -rw-r--r-- | doc/man1/openssl-cmp.pod.in | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index b6e88e64f6..1c97075531 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -836,11 +836,12 @@ static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc) continue; } - /* try IP address first, then URI or domain name */ + /* try IP address first, then email/URI/domain name */ (void)ERR_set_mark(); n = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_IPADD, names, 0); if (n == NULL) n = a2i_GENERAL_NAME(NULL, NULL, NULL, + strchr(names, '@') != NULL ? GEN_EMAIL : strchr(names, ':') != NULL ? GEN_URI : GEN_DNS, names, 0); (void)ERR_pop_to_mark(); diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index b4c3c82255..58e9bd7dda 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -312,7 +312,8 @@ contained the given PKCS#10 CSR, overriding any extensions with same OIDs. =item B<-sans> I<spec> -One or more IP addresses, DNS names, or URIs separated by commas or whitespace +One or more IP addresses, email addresses, DNS names, or URIs +separated by commas or whitespace (where in the latter case the whole argument must be enclosed in "...") to add as Subject Alternative Name(s) (SAN) certificate request extension. If the special element "critical" is given the SANs are flagged as critical. |