Had a similar issue last year. Vanilla OpenSSL doesn't do this, alas. I did a brutal backport of my own work to CVS HEAD (bleeding edge) OpenSSL -- I have a tweaked version of OpenSSL over here, which is fully size_t-ified and other odds and ends, hence the need for 'backpatching' for me -- and you can download the patch file here (compressed with 7zip: www.7zip.org):

http://hebbut.net/asn1stringdumping.7z

If you're behind an a**l corporate firewall and don't have 7zip:

http://hebbut.net/asn1stringdumping.patch

Patch has been tested against CVS HEAD on Ubuntu 10.04/AMD64.

To see what it does:

-----------
g...@michelle:/tmp/o$ apps/openssl asn1parse --help
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
unknown option --help
asn1parse [options] <infile
where options are
 -inform arg       input format - one of D[ER], T[EXT], P[EM], PV[K], N[ETSCAPE], S[MIME], M[SBLOB], 1/P12/PKCS12, E[NGINE]
 -in arg           input file
 -out arg          output file (output format is always DER
 -noout arg        don't produce any output
 -offset arg       offset into file
 -length arg       length of section in file
 -i                indent entries
 -dump             dump unknown data in hex form
 -dlimit arg       dump the first arg bytes of unknown data in hex form
 -oid file         file of extra oid definitions
 -strparse offset  a series of these can be used to 'dig' into multiple ASN.1 blob wrappings
 -genstr str       string to generate ASN1 structure from
 -genconf file     file to generate ASN1 structure from
 -noshow options   dump ASN.1 without these. Accepts a comma separated list of: offset,depth,hl,length,info
-----------------

Note the added -noshow option as I have used asn1parse to dump/test all sorts of ASN.1 data streams, not just OpenSSL ones.

A bit of sample output (GENERALSTRING will be 'hexdumped' because GENERALSTRING data may be arbitrary binary, so it rides on what I did for other ASN.1 bits too: extend the general BIO_dump 'hexdumping' facility to include ASCII text printing and offsets, so one can see what's in there in an easy way). Also note that timestamps should now be printed in a more legible fashion than with 'vanilla' asn1parse.

-----------------
apps/openssl asn1parse -dump -inform PEM -i < ./apps/cert.pem
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
0:d=0 hl=4 l= 416 cons: SEQUENCE
4:d=1 hl=4 l= 330 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :00
11:d=2 hl=2 l= 13 cons: SEQUENCE
13:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
24:d=3 hl=2 l= 0 prim: NULL
26:d=2 hl=2 l= 99 cons: SEQUENCE
28:d=3 hl=2 l= 11 cons: SET
30:d=4 hl=2 l= 9 cons: SEQUENCE
32:d=5 hl=2 l= 3 prim: OBJECT :countryName
37:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
41:d=3 hl=2 l= 19 cons: SET
43:d=4 hl=2 l= 17 cons: SEQUENCE
45:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
50:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Queensland
62:d=3 hl=2 l= 26 cons: SET
64:d=4 hl=2 l= 24 cons: SEQUENCE
66:d=5 hl=2 l= 3 prim: OBJECT :organizationName
71:d=5 hl=2 l= 17 prim: PRINTABLESTRING :CryptSoft Pty Ltd
90:d=3 hl=2 l= 35 cons: SET
92:d=4 hl=2 l= 33 cons: SEQUENCE
94:d=5 hl=2 l= 3 prim: OBJECT :commonName
99:d=5 hl=2 l= 26 prim: PRINTABLESTRING :Server test cert (512 bit)
127:d=2 hl=2 l= 30 cons: SEQUENCE
129:d=3 hl=2 l= 13 prim: UTCTIME :970909034126Z (Sep 9 03:41:26 1997 GMT)
144:d=3 hl=2 l= 13 prim: UTCTIME :971009034126Z (Oct 9 03:41:26 1997 GMT)
159:d=2 hl=2 l= 94 cons: SEQUENCE
161:d=3 hl=2 l= 11 cons: SET
163:d=4 hl=2 l= 9 cons: SEQUENCE
165:d=5 hl=2 l= 3 prim: OBJECT :countryName
170:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
174:d=3 hl=2 l= 19 cons: SET
176:d=4 hl=2 l= 17 cons: SEQUENCE
178:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
183:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Some-State
195:d=3 hl=2 l= 33 cons: SET
197:d=4 hl=2 l= 31 cons: SEQUENCE
199:d=5 hl=2 l= 3 prim: OBJECT :organizationName
204:d=5 hl=2 l= 24 prim: PRINTABLESTRING :Internet Widgits Pty Ltd
230:d=3 hl=2 l= 23 cons: SET
232:d=4 hl=2 l= 21 cons: SEQUENCE
234:d=5 hl=2 l= 3 prim: OBJECT :commonName
239:d=5 hl=2 l= 14 prim: PRINTABLESTRING :Eric the Young
255:d=2 hl=2 l= 81 cons: SEQUENCE
257:d=3 hl=2 l= 9 cons: SEQUENCE
259:d=4 hl=2 l= 5 prim: OBJECT :dsaEncryption-old
266:d=4 hl=2 l= 0 prim: NULL
268:d=3 hl=2 l= 68 prim: BIT STRING
0000 - 00 02 41 00 b5 44 a8 f3-83 9e 92 38 ad 28 65 ..A..D.....8.(e
000f - 63-c4 bb b4 1e f5 dc 93 6f-69 bb e7 e8 69 de c.......oi...i.
001e - 77 bc-f2 97 02 cb 89 74 00 a3-f3 c0 4f a9 9f w......t....O..
002d - 75 63 d3-c8 25 fd 46 52 1d fc 0a-e8 87 5a 2e uc..%.FR.....Z.
003c - f3 dd c1 03-7d 90 b2 08 ....}...
338:d=1 hl=2 l= 13 cons: SEQUENCE
340:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
-----------------

On Wed, Oct 20, 2010 at 8:30 AM, Aleksander Adamowski <open...@olo.org.pl> wrote:

> Hi!
>
> Is there a way to make asn1parse print out GENERALSTRING values? I'm
> dissecting the Kerberos v5 protocol and it's a large nuisance to mess
> with offsets and dumping strings manually.
>
> There doesn't seem to be any related option documented in asn1parse
> manual, nor in asn1parse source
> (http://cvs.openssl.org/fileview?f=openssl/apps/asn1pars.c&v=1.16.2.7).
>
> I saw that one guy made a patch to do this back in 2007
> (http://thread.gmane.org/gmane.comp.encryption.openssl.devel/10672);
> can it be true that since then nothing has happened in this regard?
> It would seem to me that such functionality gap is severely limiting
> asn1parse usefulness for lots of people.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>

--
Met vriendelijke groeten / Best regards,

Ger Hobbelt

--------------------------------------------------
web: http://www.hobbelt.com/
http://www.hebbut.net/
mail: g...@hobbelt.com
mobile: +31-6-11 120 978
--------------------------------------------------
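
An added illustration of the behaviour discussed in the message above, not part of the posted patch or of OpenSSL: a minimal Python DER walker that prints asn1parse-style records and hexdumps GENERALSTRING content with offsets and an ASCII column, rejecting truncated or non-DER lengths. The function names and the sample bytes (a constructed Kerberos-style PrincipalName) are this example's own assumptions.

```python
# Added example: a minimal DER walker, not OpenSSL code or the posted patch.
UNIVERSAL = {0x02: "INTEGER", 0x10: "SEQUENCE", 0x11: "SET", 0x1B: "GENERALSTRING"}
CLASSES = ["", "appl", "cont", "priv"]  # indexed by the two class bits of the tag

def hexdump(data, width=16):
    """Rows of offset, hex bytes and a printable-ASCII column."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        rows.append(f"{off:04x} - {hexpart:<{width * 3}}{text}")
    return rows

def read_tlv(buf, pos, end):
    """Return (tag_byte, header_len, content_len) or raise ValueError."""
    if end - pos < 2:
        raise ValueError(f"truncated header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F or first == 0x80:
        raise ValueError(f"multi-byte tag or indefinite length at offset {pos}")
    hl, length = 2, first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n > 4 or pos + 2 + n > end:
            raise ValueError(f"bad long-form length at offset {pos}")
        hl, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hl + length > end:
        raise ValueError(f"element at offset {pos} overruns its parent")
    return tag, hl, length

def walk(buf, pos=0, end=None, depth=0, out=None):
    """Collect asn1parse-style lines; GeneralString content is hexdumped."""
    end = len(buf) if end is None else end
    out = [] if out is None else out
    while pos < end:
        tag, hl, length = read_tlv(buf, pos, end)
        cls, num, cons = tag >> 6, tag & 0x1F, bool(tag & 0x20)
        name = UNIVERSAL.get(num, f"<{num}>") if cls == 0 else f"{CLASSES[cls]} [ {num} ]"
        out.append(f"{pos}:d={depth} hl={hl} l={length} {'cons' if cons else 'prim'}: {name}")
        body = pos + hl
        if cons:
            walk(buf, body, body + length, depth + 1, out)
        elif cls == 0 and num == 0x1B:  # arbitrary bytes: dump, don't decode
            out.extend("    " + row for row in hexdump(buf[body:body + length]))
        pos = body + length
    return out

# Constructed sample: Kerberos-style PrincipalName (krbtgt / EXAMPLE.ORG).
SAMPLE = bytes.fromhex("301ea003020102a11730151b066b72627467741b0b4558414d504c452e4f5247")
```

Calling `print("\n".join(walk(SAMPLE)))` shows the two GENERALSTRING elements at offsets 11 and 19 with their content dumped beneath each record.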