<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Dear Victor, </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 22, 2019 at 9:23 PM Viktor Dukhovni <<a href="mailto:openssl-users@dukhovni.org">openssl-users@dukhovni.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Sun, Apr 21, 2019 at 06:58:53PM +0300, Dmitry Belyavsky wrote:<br>
<br>
> When I use a command<br>
> <br>
> openssl asn1parse -genstr "UTF8String:ф" -out content<br>
> <br>
> I get a 6-byte file. If I understand correctly, it starts with a 2-byte<br>
> header indicating the content length and then contains an encoded letter<br>
> 'ф' I want. But the encoding of it is not UTF8, as the utf8 encoding of a<br>
> cyrillic letter is 2 bytes long.<br>
> <br>
> Am I wrong? If the behavior I see is desired one, how can I convert the<br>
> result of the encoding to UTF8 using openssl internal API?<br>
<br>
By default the input string is assumed to contain single-byte octets,<br>
which are individually encoded as UTF-8. This is rarely what you<br>
want if your input is not ASCII. For actual UTF-8 input, you can<br>
use:<br>
<br>
$ openssl asn1parse -out content -genstr 'FORMAT:UTF8,UTF8String:Он врет! Он не знает, КАК НАДО!' # [1]<br>
0:d=0 hl=2 l= 53 prim: UTF8STRING :Он врет! Он не знает, КАК НАДО!<br>
<br>
The "genstr" format is described in, for example:<br>
<br>
<a href="https://www.openssl.org/docs/man1.0.2/man3/ASN1_generate_nconf.html" rel="noreferrer" target="_blank">https://www.openssl.org/docs/man1.0.2/man3/ASN1_generate_nconf.html</a></blockquote><div><br></div><div>Thank you very much for your answer and especially for a brilliant example :)</div><div><br></div><div>I'm trying to implement RFC 8398 and I try to create a valid certificate with EAI email in otherName. </div><div><br></div><div>I expected that a line in the config file </div><div><br></div><div><div><div>subjectAltName=otherName:1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8:医生@<a href="http://xn--pss25c.example.com">大学.example.com</a></div></div><br class="gmail-Apple-interchange-newline"></div><div>will do the trick.</div><div>But I get an error</div><div><div>140642093051968:error:0D0B20C2:asn1 encoding routines:ASN1_generate_v3:unknown tag:../crypto/asn1/asn1_gen.c:94:</div><div>140642093051968:error:220A4093:X509 V3 routines:a2i_GENERAL_NAME:othername error:../crypto/x509v3/v3_alt.c:456:</div><div>140642093051968:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=subjectAltName, value=otherName:1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8:医生@<a href="http://xn--pss25c.example.com">大学.example.com</a></div></div><div><br></div><div>If I specify the otherName like</div><div><div>subjectAltName=otherName:1.3.6.1.5.5.7.8.9;UTF8:医生@<a href="http://xn--pss25c.example.com">大学.example.com</a></div></div><div><br></div><div>I do not get an error, but the encoding seems to be not UTF8, but ASCII.</div><div>Can this behavior be fixed?</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
-- <br>
Viktor.<br>
<br>
[1]. <a href="http://www.mnemosyne.ru/homo/galich-6.html" rel="noreferrer" target="_blank">http://www.mnemosyne.ru/homo/galich-6.html</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">SY, Dmitry Belyavsky</div></div></div></div>