1=pod 2 3=head1 NAME 4 5openssl-namedisplay-options - Distinguished name display options 6 7=head1 SYNOPSIS 8 9B<openssl> 10I<command> 11[ I<options> ... ] 12[ I<parameters> ... ] 13 14=head1 DESCRIPTION 15 16OpenSSL provides fine-grain control over how the subject and issuer DN's are 17displayed. 18This is specified by using the B<-nameopt> option, which takes a 19comma-separated list of options from the following set. 20An option may be preceded by a minus sign, C<->, to turn it off. 21The first four option arguments are the most commonly used. 22 23The default value is 24C<esc_ctrl,utf8,dump_unknown,dump_der,sep_comma_plus_space,sname>. 25 26=head1 OPTIONS 27 28=head2 Name Format Option Arguments 29 30The DN output format can be fine tuned with the following flags. 31 32=over 4 33 34=item B<compat> 35 36Display the name using an old format from previous OpenSSL versions. 37 38=item B<RFC2253> 39 40Display the name using the format defined in RFC 2253. 41It is equivalent to B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, 42B<dump_nostr>, B<dump_unknown>, B<dump_der>, B<sep_comma_plus>, B<dn_rev> 43and B<sname>. 44 45=item B<oneline> 46 47Display the name in one line, using a format that is more readable 48RFC 2253. 49It is equivalent to B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, 50B<dump_nostr>, B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, 51B<space_eq> and B<sname> options. 52 53=item B<multiline> 54 55Display the name using multiple lines. 56It is equivalent to B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, B<space_eq>, 57B<lname> and B<align>. 58 59=item B<esc_2253> 60 61Escape the "special" characters in a field, as required by RFC 2253. 62That is, any of the characters C<,+"E<lt>E<gt>;>, C<#> at the beginning of 63a string and leading or trailing spaces. 64 65=item B<esc_2254> 66 67Escape the "special" characters in a field as required by RFC 2254 in a field. 68That is, the B<NUL> character and of C<()*>. 69 70=item B<esc_ctrl> 71 72Escape non-printable ASCII characters, codes less than 0x20 (space) 73or greater than 0x7F (DELETE). They are displayed using RFC 2253 C<\XX> 74notation where B<XX> are the two hex digits representing the character value. 75 76=item B<esc_msb> 77 78Escape any characters with the most significant bit set, that is with 79values larger than 127, as described in B<esc_ctrl>. 80 81=item B<use_quote> 82 83Escapes some characters by surrounding the entire string with quotation 84marks, C<">. 85Without this option, individual special characters are preceded with 86a backslash character, C<\>. 87 88=item B<utf8> 89 90Convert all strings to UTF-8 format first as required by RFC 2253. 91If the output device is UTF-8 compatible, then using this option (and 92not setting B<esc_msb>) may give the correct display of multibyte 93characters. 94If this option is not set, then multibyte characters larger than 0xFF 95will be output as C<\UXXXX> for 16 bits or C<\WXXXXXXXX> for 32 bits. 96In addition, any UTF8Strings will be converted to their character form first. 97 98=item B<ignore_type> 99 100This option does not attempt to interpret multibyte characters in any 101way. That is, the content octets are merely dumped as though one octet 102represents each character. This is useful for diagnostic purposes but 103will result in rather odd looking output. 104 105=item B<show_type> 106 107Display the type of the ASN1 character string before the value, 108such as C<BMPSTRING: Hello World>. 109 110=item B<dump_der> 111 112Any fields that would be output in hex format are displayed using 113the DER encoding of the field. 114If not set, just the content octets are displayed. 115Either way, the B<#XXXX...> format of RFC 2253 is used. 116 117=item B<dump_nostr> 118 119Dump non-character strings, such as ASN.1 B<OCTET STRING>. 120If this option is not set, then non character string types will be displayed 121as though each content octet represents a single character. 122 123=item B<dump_all> 124 125Dump all fields. When this used with B<dump_der>, this allows the 126DER encoding of the structure to be unambiguously determined. 127 128=item B<dump_unknown> 129 130Dump any field whose OID is not recognised by OpenSSL. 131 132=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>, 133B<sep_multiline> 134 135Specify the field separators. The first word is used between the 136Relative Distinguished Names (RDNs) and the second is between 137multiple Attribute Value Assertions (AVAs). Multiple AVAs are 138very rare and their use is discouraged. 139The options ending in "space" additionally place a space after the separator to make it more readable. 140The B<sep_multiline> starts each field on its own line, and uses "plus space" 141for the AVA separator. 142It also indents the fields by four characters. 143The default value is B<sep_comma_plus_space>. 144 145=item B<dn_rev> 146 147Reverse the fields of the DN as required by RFC 2253. 148This also reverses the order of multiple AVAs in a field, but this is 149permissible as there is no ordering on values. 150 151=item B<nofname>, B<sname>, B<lname>, B<oid> 152 153Specify how the field name is displayed. 154B<nofname> does not display the field at all. 155B<sname> uses the "short name" form (CN for commonName for example). 156B<lname> uses the long form. 157B<oid> represents the OID in numerical form and is useful for 158diagnostic purpose. 159 160=item B<align> 161 162Align field values for a more readable output. Only usable with 163B<sep_multiline>. 164 165=item B<space_eq> 166 167Places spaces round the equal sign, C<=>, character which follows the field 168name. 169 170=back 171 172=head1 COPYRIGHT 173 174Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. 175 176Licensed under the Apache License 2.0 (the "License"). You may not use 177this file except in compliance with the License. You can obtain a copy 178in the file LICENSE in the source distribution or at 179L<https://www.openssl.org/source/license.html>. 180 181=cut 182