openssl - openssl CLI 输出中 notAfter/enddate 的额外空间

Question

我在该命令的 enddate 输出中获得了额外的空间:

$ export IP=google.com;  nc -z -w 3 $IP 443 && (echo | openssl s_client -
connect $IP:443 2>/dev/null | openssl x509 -noout -enddate)
Connection to google.com port 443 [tcp/https] succeeded!
notAfter=Apr  4 09:40:00 2018 GMT

注意 notAfter= 行中 Apr 和 4 之间的两个空格。

我在笔记本电脑和 Linux 服务器上的两个版本都是这种情况:

$ openssl version
LibreSSL 2.2.7
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

这是错误吗？我会尝试在https://github.com/openssl/openssl/issues中举报

我们开始:

https://github.com/openssl/openssl/issues/5107

https://github.com/libressl-portable/portable/issues/382

Answer 1

This is intentional behavior from ASN1_TIME_print(), to use a fixed number of characters for the day representation. If the day number is less than 10, it still takes up two columns, with the first one being filled as a space. This is friendly to automated tooling parsers even if it is a little jarring for the human eye. I don't think it's appropriate to change ASN1_TIME_print()'s behavior because it is used in more places than just this.

来自https://github.com/kaduk

https://github.com/openssl/openssl/issues/5107#issuecomment-358746180