From f829c8ebf0cd1cf4f19ecd04afb1711acbaf44ab Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Fri, 5 Feb 2021 13:35:54 -0500
Subject: [PATCH] Add more comments to print_dn()

This commit adds some more explanatory comments to the code in print_dn()
---
 testssl.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/testssl.sh b/testssl.sh
index fc897ea..3b7281c 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -20387,7 +20387,12 @@ print_dn() {
 # Use $OPENSSL to print the DN by creating a certificate containing the DN
 # as the issuer and then having $OPENSSL print the issuer field in the
 # resulting certificate.
+
+ # Create the to-be-signed portion of the certificate: version || serialNumber || signature || issuer || validity || subject || subjectPublicKeyInfo
+ # with the DN to be printed being the issuer.
 cert="A003020102020100300A06082A8648CE3D040302${dn}301E170D3139303830353038333030305A170D3139303830353038333030305A30003019301306072A8648CE3D020106082A8648CE3D030107030200FF"
+
+ # Make a SEQUENCE of the to-be-signed portion of the certificate.
 len=$((${#cert}/2))
 if [[ $len -lt 128 ]]; then
 cert="30$(printf "%02x" $len)$cert"
@@ -20396,6 +20401,10 @@ print_dn() {
 else
 cert="3082$(printf "%04x" $len)$cert"
 fi
+
+ # Append a signature algorithm and signature value to the end of the
+ # to-be-signed portion of the certificate and then make a SEQUENCE of
+ # the result.
 cert+="300A06082A8648CE3D040302030200FF"
 len=$((${#cert}/2))
 if [[ $len -lt 128 ]]; then
@@ -20405,6 +20414,8 @@ print_dn() {
 else
 cert="3082$(printf "%04x" $len)$cert"
 fi
+ # Use the LDAP String Representation of Distinguished Names (RFC 2253),
+ # The current specification is in RFC 4514.
 name="$(asciihex_to_binary "$cert" | $OPENSSL x509 -issuer -noout -inform DER -nameopt RFC2253 2>/dev/null)"
 name="${name#issuer=}"
 tm_out "$(strip_leading_space "$name")"
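Review bot: The new comment in the third hunk is a comma splice and leaves the reason for `-nameopt RFC2253` implicit; I would write it as `# Print the issuer in the LDAP string representation of distinguished names (RFC 2253, now specified by RFC 4514), which yields a single-line, escaped form.` The new comment in the first hunk lists the TBSCertificate fields but not what `${dn}` must already be: since it is spliced in verbatim between the signature AlgorithmIdentifier and the validity SEQUENCE, it presumably has to be the complete DER encoding of the Name (outer SEQUENCE tag and length included) as hex, which is worth stating, e.g. `# $dn must be the full DER encoding of the Name, as hex, since it is inserted verbatim as the issuer.` That precondition is inferred here because the parameter handling of print_dn() lies above the first hunk. The "Make a SEQUENCE" comment could also note that the `3082$(printf "%04x" $len)` branch only encodes lengths up to 65535 bytes, so a longer encoding would be silently malformed and `$OPENSSL x509` would then produce an empty name under the `2>/dev/null`. print_dn() begins before the first hunk and its closing brace is outside the last one.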