1OPENSSL-NAMEDISPLAY-OPTIONS(1ossl)  OpenSSL OPENSSL-NAMEDISPLAY-OPTIONS(1ossl)
2
3
4

NAME

6       openssl-namedisplay-options - Distinguished name display options
7

SYNOPSIS

9       openssl command [ options ... ] [ parameters ... ]
10

DESCRIPTION

12       OpenSSL provides fine-grain control over how the subject and issuer
13       DN's are displayed.  This is specified by using the -nameopt option,
14       which takes a comma-separated list of options from the following set.
15       An option may be preceded by a minus sign, "-", to turn it off.  The
16       default value is "oneline".  The first four are the most commonly used.
17

OPTIONS

19   Name Format Option Arguments
20       The DN output format can be fine tuned with the following flags.
21
22       compat
23           Display the name using an old format from previous OpenSSL
24           versions.
25
26       RFC2253
27           Display the name using the format defined in RFC 2253.  It is
28           equivalent to esc_2253, esc_ctrl, esc_msb, utf8, dump_nostr,
29           dump_unknown, dump_der, sep_comma_plus, dn_rev and sname.
30
31       oneline
32           Display the name in one line, using a format that is more readable
33           RFC 2253.  It is equivalent to esc_2253, esc_ctrl, esc_msb, utf8,
34           dump_nostr, dump_der, use_quote, sep_comma_plus_space, space_eq and
35           sname options.
36
37       multiline
38           Display the name using multiple lines.  It is equivalent to
39           esc_ctrl, esc_msb, sep_multiline, space_eq, lname and align.
40
41       esc_2253
42           Escape the "special" characters in a field, as required by RFC
43           2253.  That is, any of the characters ",+"<>;", "#" at the
44           beginning of a string and leading or trailing spaces.
45
46       esc_2254
47           Escape the "special" characters in a field as required by RFC 2254
48           in a field.  That is, the NUL character and of "()*".
49
50       esc_ctrl
51           Escape non-printable ASCII characters, codes less than 0x20 (space)
52           or greater than 0x7F (DELETE). They are displayed using RFC 2253
53           "\XX" notation where XX are the two hex digits representing the
54           character value.
55
56       esc_msb
57           Escape any characters with the most significant bit set, that is
58           with values larger than 127, as described in esc_ctrl.
59
60       use_quote
61           Escapes some characters by surrounding the entire string with
62           quotation marks, """.  Without this option, individual special
63           characters are preceded with a backslash character, "\".
64
65       utf8
66           Convert all strings to UTF-8 format first as required by RFC 2253.
67           If the output device is UTF-8 compatible, then using this option
68           (and not setting esc_msb) may give the correct display of multibyte
69           characters.  If this option is not set, then multibyte characters
70           larger than 0xFF will be output as "\UXXXX" for 16 bits or
71           "\WXXXXXXXX" for 32 bits.  In addition, any UTF8Strings will be
72           converted to their character form first.
73
74       ignore_type
75           This option does not attempt to interpret multibyte characters in
76           any way. That is, the content octets are merely dumped as though
77           one octet represents each character. This is useful for diagnostic
78           purposes but will result in rather odd looking output.
79
80       show_type
81           Display the type of the ASN1 character string before the value,
82           such as "BMPSTRING: Hello World".
83
84       dump_der
85           Any fields that would be output in hex format are displayed using
86           the DER encoding of the field.  If not set, just the content octets
87           are displayed.  Either way, the #XXXX... format of RFC 2253 is
88           used.
89
90       dump_nostr
91           Dump non-character strings, such as ASN.1 OCTET STRING.  If this
92           option is not set, then non character string types will be
93           displayed as though each content octet represents a single
94           character.
95
96       dump_all
97           Dump all fields. When this used with dump_der, this allows the DER
98           encoding of the structure to be unambiguously determined.
99
100       dump_unknown
101           Dump any field whose OID is not recognised by OpenSSL.
102
103       sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space,
104       sep_multiline
105           Specify the field separators. The first word is used between the
106           Relative Distinguished Names (RDNs) and the second is between
107           multiple Attribute Value Assertions (AVAs). Multiple AVAs are very
108           rare and their use is discouraged.  The options ending in "space"
109           additionally place a space after the separator to make it more
110           readable.  The sep_multiline starts each field on its own line, and
111           uses "plus space" for the AVA separator.  It also indents the
112           fields by four characters.  The default value is
113           sep_comma_plus_space.
114
115       dn_rev
116           Reverse the fields of the DN as required by RFC 2253.  This also
117           reverses the order of multiple AVAs in a field, but this is
118           permissible as there is no ordering on values.
119
120       nofname, sname, lname, oid
121           Specify how the field name is displayed.  nofname does not display
122           the field at all.  sname uses the "short name" form (CN for
123           commonName for example).  lname uses the long form.  oid represents
124           the OID in numerical form and is useful for diagnostic purpose.
125
126       align
127           Align field values for a more readable output. Only usable with
128           sep_multiline.
129
130       space_eq
131           Places spaces round the equal sign, "=", character which follows
132           the field name.
133
135       Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
136
137       Licensed under the Apache License 2.0 (the "License").  You may not use
138       this file except in compliance with the License.  You can obtain a copy
139       in the file LICENSE in the source distribution or at
140       <https://www.openssl.org/source/license.html>.
141
142
143
1443.0.9                             2023-07-27OPENSSL-NAMEDISPLAY-OPTIONS(1ossl)
Impressum