APPS/cmp: make the -sans option support email addresses (type rfc822Name)

Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16960)
2025-03-31 20:10:45 +08:00 · 2021-11-03 18:41:07 +01:00 · 2021-11-03 18:41:07 +01:00 · 03ee2e5b1e
commit 03ee2e5b1e
parent 4ce64ed79d
2 changed files with 4 additions and 2 deletions
--- a/apps/cmp.c
+++ b/apps/cmp.c
@ -836,11 +836,12 @@ static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc)
            continue;
        }

-        /* try IP address first, then URI or domain name */
+        /* try IP address first, then email/URI/domain name */
        (void)ERR_set_mark();
        n = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_IPADD, names, 0);
        if (n == NULL)
            n = a2i_GENERAL_NAME(NULL, NULL, NULL,
+                                 strchr(names, '@') != NULL ? GEN_EMAIL :
                                 strchr(names, ':') != NULL ? GEN_URI : GEN_DNS,
                                 names, 0);
        (void)ERR_pop_to_mark();
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@ -312,7 +312,8 @@ contained the given PKCS#10 CSR, overriding any extensions with same OIDs.

 =item B<-sans> I<spec>

-One or more IP addresses, DNS names, or URIs separated by commas or whitespace
+One or more IP addresses, email addresses, DNS names, or URIs
+separated by commas or whitespace
 (where in the latter case the whole argument must be enclosed in "...")
 to add as Subject Alternative Name(s) (SAN) certificate request extension.
 If the special element "critical" is given the SANs are flagged as critical.