openssl-namedisplay-options.1ossl 7.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206
  1. .\" -*- mode: troff; coding: utf-8 -*-
  2. .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
  3. .\"
  4. .\" Standard preamble:
  5. .\" ========================================================================
  6. .de Sp \" Vertical space (when we can't use .PP)
  7. .if t .sp .5v
  8. .if n .sp
  9. ..
  10. .de Vb \" Begin verbatim text
  11. .ft CW
  12. .nf
  13. .ne \\$1
  14. ..
  15. .de Ve \" End verbatim text
  16. .ft R
  17. .fi
  18. ..
  19. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
  20. .ie n \{\
  21. . ds C` ""
  22. . ds C' ""
  23. 'br\}
  24. .el\{\
  25. . ds C`
  26. . ds C'
  27. 'br\}
  28. .\"
  29. .\" Escape single quotes in literal strings from groff's Unicode transform.
  30. .ie \n(.g .ds Aq \(aq
  31. .el .ds Aq '
  32. .\"
  33. .\" If the F register is >0, we'll generate index entries on stderr for
  34. .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
  35. .\" entries marked with X<> in POD. Of course, you'll have to process the
  36. .\" output yourself in some meaningful fashion.
  37. .\"
  38. .\" Avoid warning from groff about undefined register 'F'.
  39. .de IX
  40. ..
  41. .nr rF 0
  42. .if \n(.g .if rF .nr rF 1
  43. .if (\n(rF:(\n(.g==0)) \{\
  44. . if \nF \{\
  45. . de IX
  46. . tm Index:\\$1\t\\n%\t"\\$2"
  47. ..
  48. . if !\nF==2 \{\
  49. . nr % 0
  50. . nr F 2
  51. . \}
  52. . \}
  53. .\}
  54. .rr rF
  55. .\" ========================================================================
  56. .\"
  57. .IX Title "OPENSSL-NAMEDISPLAY-OPTIONS 1ossl"
  58. .TH OPENSSL-NAMEDISPLAY-OPTIONS 1ossl 2025-01-17 3.4.0 OpenSSL
  59. .\" For nroff, turn off justification. Always turn off hyphenation; it makes
  60. .\" way too many mistakes in technical documents.
  61. .if n .ad l
  62. .nh
  63. .SH NAME
  64. openssl\-namedisplay\-options \- Distinguished name display options
  65. .SH SYNOPSIS
  66. .IX Header "SYNOPSIS"
  67. \&\fBopenssl\fR
  68. \&\fIcommand\fR
  69. [ \fIoptions\fR ... ]
  70. [ \fIparameters\fR ... ]
  71. .SH DESCRIPTION
  72. .IX Header "DESCRIPTION"
  73. OpenSSL provides fine-grain control over how the subject and issuer DN's are
  74. displayed.
  75. This is specified by using the \fB\-nameopt\fR option, which takes a
  76. comma-separated list of options from the following set.
  77. An option may be preceded by a minus sign, \f(CW\*(C`\-\*(C'\fR, to turn it off.
  78. The default value is \f(CW\*(C`utf8,sep_comma_plus_space\*(C'\fR.
  79. The first four are the most commonly used.
  80. .SH OPTIONS
  81. .IX Header "OPTIONS"
  82. .SS "Name Format Option Arguments"
  83. .IX Subsection "Name Format Option Arguments"
  84. The DN output format can be fine tuned with the following flags.
  85. .IP \fBcompat\fR 4
  86. .IX Item "compat"
  87. Display the name using an old format from previous OpenSSL versions.
  88. .IP \fBRFC2253\fR 4
  89. .IX Item "RFC2253"
  90. Display the name using the format defined in RFC 2253.
  91. It is equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR,
  92. \&\fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR, \fBsep_comma_plus\fR, \fBdn_rev\fR
  93. and \fBsname\fR.
  94. .IP \fBoneline\fR 4
  95. .IX Item "oneline"
  96. Display the name in one line, using a format that is more readable
  97. RFC 2253.
  98. It is equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR,
  99. \&\fBdump_nostr\fR, \fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR,
  100. \&\fBspace_eq\fR and \fBsname\fR options.
  101. .IP \fBmultiline\fR 4
  102. .IX Item "multiline"
  103. Display the name using multiple lines.
  104. It is equivalent to \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, \fBspace_eq\fR,
  105. \&\fBlname\fR and \fBalign\fR.
  106. .IP \fBesc_2253\fR 4
  107. .IX Item "esc_2253"
  108. Escape the "special" characters in a field, as required by RFC 2253.
  109. That is, any of the characters \f(CW\*(C`,+"<>;\*(C'\fR, \f(CW\*(C`#\*(C'\fR at the beginning of
  110. a string and leading or trailing spaces.
  111. .IP \fBesc_2254\fR 4
  112. .IX Item "esc_2254"
  113. Escape the "special" characters in a field as required by RFC 2254 in a field.
  114. That is, the \fBNUL\fR character and of \f(CW\*(C`()*\*(C'\fR.
  115. .IP \fBesc_ctrl\fR 4
  116. .IX Item "esc_ctrl"
  117. Escape non-printable ASCII characters, codes less than 0x20 (space)
  118. or greater than 0x7F (DELETE). They are displayed using RFC 2253 \f(CW\*(C`\eXX\*(C'\fR
  119. notation where \fBXX\fR are the two hex digits representing the character value.
  120. .IP \fBesc_msb\fR 4
  121. .IX Item "esc_msb"
  122. Escape any characters with the most significant bit set, that is with
  123. values larger than 127, as described in \fBesc_ctrl\fR.
  124. .IP \fBuse_quote\fR 4
  125. .IX Item "use_quote"
  126. Escapes some characters by surrounding the entire string with quotation
  127. marks, \f(CW\*(C`"\*(C'\fR.
  128. Without this option, individual special characters are preceded with
  129. a backslash character, \f(CW\*(C`\e\*(C'\fR.
  130. .IP \fButf8\fR 4
  131. .IX Item "utf8"
  132. Convert all strings to UTF\-8 format first as required by RFC 2253.
  133. If the output device is UTF\-8 compatible, then using this option (and
  134. not setting \fBesc_msb\fR) may give the correct display of multibyte
  135. characters.
  136. If this option is not set, then multibyte characters larger than 0xFF
  137. will be output as \f(CW\*(C`\eUXXXX\*(C'\fR for 16 bits or \f(CW\*(C`\eWXXXXXXXX\*(C'\fR for 32 bits.
  138. In addition, any UTF8Strings will be converted to their character form first.
  139. .IP \fBignore_type\fR 4
  140. .IX Item "ignore_type"
  141. This option does not attempt to interpret multibyte characters in any
  142. way. That is, the content octets are merely dumped as though one octet
  143. represents each character. This is useful for diagnostic purposes but
  144. will result in rather odd looking output.
  145. .IP \fBshow_type\fR 4
  146. .IX Item "show_type"
  147. Display the type of the ASN1 character string before the value,
  148. such as \f(CW\*(C`BMPSTRING: Hello World\*(C'\fR.
  149. .IP \fBdump_der\fR 4
  150. .IX Item "dump_der"
  151. Any fields that would be output in hex format are displayed using
  152. the DER encoding of the field.
  153. If not set, just the content octets are displayed.
  154. Either way, the \fB#XXXX...\fR format of RFC 2253 is used.
  155. .IP \fBdump_nostr\fR 4
  156. .IX Item "dump_nostr"
  157. Dump non-character strings, such as ASN.1 \fBOCTET STRING\fR.
  158. If this option is not set, then non character string types will be displayed
  159. as though each content octet represents a single character.
  160. .IP \fBdump_all\fR 4
  161. .IX Item "dump_all"
  162. Dump all fields. When this used with \fBdump_der\fR, this allows the
  163. DER encoding of the structure to be unambiguously determined.
  164. .IP \fBdump_unknown\fR 4
  165. .IX Item "dump_unknown"
  166. Dump any field whose OID is not recognised by OpenSSL.
  167. .IP "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4
  168. .IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline"
  169. Specify the field separators. The first word is used between the
  170. Relative Distinguished Names (RDNs) and the second is between
  171. multiple Attribute Value Assertions (AVAs). Multiple AVAs are
  172. very rare and their use is discouraged.
  173. The options ending in "space" additionally place a space after the separator to make it more readable.
  174. The \fBsep_multiline\fR starts each field on its own line, and uses "plus space"
  175. for the AVA separator.
  176. It also indents the fields by four characters.
  177. The default value is \fBsep_comma_plus_space\fR.
  178. .IP \fBdn_rev\fR 4
  179. .IX Item "dn_rev"
  180. Reverse the fields of the DN as required by RFC 2253.
  181. This also reverses the order of multiple AVAs in a field, but this is
  182. permissible as there is no ordering on values.
  183. .IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4
  184. .IX Item "nofname, sname, lname, oid"
  185. Specify how the field name is displayed.
  186. \&\fBnofname\fR does not display the field at all.
  187. \&\fBsname\fR uses the "short name" form (CN for commonName for example).
  188. \&\fBlname\fR uses the long form.
  189. \&\fBoid\fR represents the OID in numerical form and is useful for
  190. diagnostic purpose.
  191. .IP \fBalign\fR 4
  192. .IX Item "align"
  193. Align field values for a more readable output. Only usable with
  194. \&\fBsep_multiline\fR.
  195. .IP \fBspace_eq\fR 4
  196. .IX Item "space_eq"
  197. Places spaces round the equal sign, \f(CW\*(C`=\*(C'\fR, character which follows the field
  198. name.
  199. .SH COPYRIGHT
  200. .IX Header "COPYRIGHT"
  201. Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
  202. .PP
  203. Licensed under the Apache License 2.0 (the "License"). You may not use
  204. this file except in compliance with the License. You can obtain a copy
  205. in the file LICENSE in the source distribution or at
  206. <https://www.openssl.org/source/license.html>.