1=pod 2 3=head1 NAME 4 5openssl-namedisplay-options - Distinguished name display options 6 7=head1 SYNOPSIS 8 9B<openssl> 10I<command> 11[ I<options> ... ] 12[ I<parameters> ... ] 13 14=head1 DESCRIPTION 15 16OpenSSL provides fine-grain control over how the subject and issuer DN's are 17displayed. 18This is specified by using the B<-nameopt> option, which takes a 19comma-separated list of options from the following set. 20An option may be preceded by a minus sign, C<->, to turn it off. 21The default value is C<oneline>. 22The first four are the most commonly used. 23 24=head1 OPTIONS 25 26=head2 Name Format Option Arguments 27 28The DN output format can be fine tuned with the following flags. 29 30=over 4 31 32=item B<compat> 33 34Display the name using an old format from previous OpenSSL versions. 35 36=item B<RFC2253> 37 38Display the name using the format defined in RFC 2253. 39It is equivalent to B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, 40B<dump_nostr>, B<dump_unknown>, B<dump_der>, B<sep_comma_plus>, B<dn_rev> 41and B<sname>. 42 43=item B<oneline> 44 45Display the name in one line, using a format that is more readable 46RFC 2253. 47It is equivalent to B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, 48B<dump_nostr>, B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, 49B<space_eq> and B<sname> options. 50 51=item B<multiline> 52 53Display the name using multiple lines. 54It is equivalent to B<esc_ctrl>, B<esc_msb>, B<sep_multiline>, B<space_eq>, 55B<lname> and B<align>. 56 57=item B<esc_2253> 58 59Escape the "special" characters in a field, as required by RFC 2253. 60That is, any of the characters C<,+"E<lt>E<gt>;>, C<#> at the beginning of 61a string and leading or trailing spaces. 62 63=item B<esc_2254> 64 65Escape the "special" characters in a field as required by RFC 2254 in a field. 66That is, the B<NUL> character and of C<()*>. 67 68=item B<esc_ctrl> 69 70Escape non-printable ASCII characters, codes less than 0x20 (space) 71or greater than 0x7F (DELETE). They are displayed using RFC 2253 C<\XX> 72notation where B<XX> are the two hex digits representing the character value. 73 74=item B<esc_msb> 75 76Escape any characters with the most significant bit set, that is with 77values larger than 127, as described in B<esc_ctrl>. 78 79=item B<use_quote> 80 81Escapes some characters by surrounding the entire string with quotation 82marks, C<">. 83Without this option, individual special characters are preceded with 84a backslash character, C<\>. 85 86=item B<utf8> 87 88Convert all strings to UTF-8 format first as required by RFC 2253. 89If the output device is UTF-8 compatible, then using this option (and 90not setting B<esc_msb>) may give the correct display of multibyte 91characters. 92If this option is not set, then multibyte characters larger than 0xFF 93will be output as C<\UXXXX> for 16 bits or C<\WXXXXXXXX> for 32 bits. 94In addition, any UTF8Strings will be converted to their character form first. 95 96=item B<ignore_type> 97 98This option does not attempt to interpret multibyte characters in any 99way. That is, the content octets are merely dumped as though one octet 100represents each character. This is useful for diagnostic purposes but 101will result in rather odd looking output. 102 103=item B<show_type> 104 105Display the type of the ASN1 character string before the value, 106such as C<BMPSTRING: Hello World>. 107 108=item B<dump_der> 109 110Any fields that would be output in hex format are displayed using 111the DER encoding of the field. 112If not set, just the content octets are displayed. 113Either way, the B<#XXXX...> format of RFC 2253 is used. 114 115=item B<dump_nostr> 116 117Dump non-character strings, such as ASN.1 B<OCTET STRING>. 118If this option is not set, then non character string types will be displayed 119as though each content octet represents a single character. 120 121=item B<dump_all> 122 123Dump all fields. When this used with B<dump_der>, this allows the 124DER encoding of the structure to be unambiguously determined. 125 126=item B<dump_unknown> 127 128Dump any field whose OID is not recognised by OpenSSL. 129 130=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>, 131B<sep_multiline> 132 133Specify the field separators. The first word is used between the 134Relative Distinguished Names (RDNs) and the second is between 135multiple Attribute Value Assertions (AVAs). Multiple AVAs are 136very rare and their use is discouraged. 137The options ending in "space" additionally place a space after the separator to make it more readable. 138The B<sep_multiline> starts each field on its own line, and uses "plus space" 139for the AVA separator. 140It also indents the fields by four characters. 141The default value is B<sep_comma_plus_space>. 142 143=item B<dn_rev> 144 145Reverse the fields of the DN as required by RFC 2253. 146This also reverses the order of multiple AVAs in a field, but this is 147permissible as there is no ordering on values. 148 149=item B<nofname>, B<sname>, B<lname>, B<oid> 150 151Specify how the field name is displayed. 152B<nofname> does not display the field at all. 153B<sname> uses the "short name" form (CN for commonName for example). 154B<lname> uses the long form. 155B<oid> represents the OID in numerical form and is useful for 156diagnostic purpose. 157 158=item B<align> 159 160Align field values for a more readable output. Only usable with 161B<sep_multiline>. 162 163=item B<space_eq> 164 165Places spaces round the equal sign, C<=>, character which follows the field 166name. 167 168=back 169 170=head1 COPYRIGHT 171 172Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. 173 174Licensed under the Apache License 2.0 (the "License"). You may not use 175this file except in compliance with the License. You can obtain a copy 176in the file LICENSE in the source distribution or at 177L<https://www.openssl.org/source/license.html>. 178 179=cut 180