[openssl-dev] openssl x509 -text incorrectly displays non-latin (non-ansi) symbols (missed '-utf8 option?)
Ikonta
ikonta at yandex.ru
Thu Mar 5 14:53:13 UTC 2015
Good day!
Thank you!
I've referenced to^
$ openssl x509 --help
and find no keys to answer.
Maybe it will be good to extend
-nameopt arg - various certificate name options
to something like
-nameopt arg - various certificate name options (including output codepage, i.e. utf8 etc)
man openssl-x509
is well enough.
What is the reason of keeping non-utf8 default output codepage 11 years after switching default string_mask to utf8?
P.S. I have one more similiar question (to my mind for openssl-dev list).
Is it appropriate to ask it directly here, or it will be better to try openssl-users first?
02.03.2015, 13:04, "Erwann Abalea" <erwann.abalea at opentrust.com>:
> Probably an openssl-users question.
>
> Use "openssl x509 -text -in localhost-server.crt -nameopt
> oneline,utf8,-esc_msb"
> Your terminal must be able to display UTF8 sequences.
>
> I sometimes add the "show_type" nameopt option, to check things.
>
> --
> Erwann ABALEA
>
> Le 02/03/2015 06:58, Ikonta a écrit :
>> AFAIR in 2004 openssl switched to UTF8 as default bitmask in certificate.
>> But ANSI extension's of utf8 support is still incomplete:
>>
>> $ openssl x509 -text -in localhost-server.crt
>> Certificate:
>> Data:
>> Version: 3 (0x2)
>> Serial Number: 1 (0x1)
>> Signature Algorithm: sha256WithRSAEncryption
>> Issuer: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, L=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache, CN=\xD1\x82\xD0\xB5\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD1\x8B\xD0\xB9 \xD0\xA6\xD0\x90/emailAddress=root at localhost
>> Validity
>> Not Before: Feb 6 08:28:23 2015 GMT
>> Not After : Sep 15 08:28:23 2020 GMT
>> Subject: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache web server, CN=localhost/emailAddress=apache at localhost
>> …
>> (not attaching exanple certificate file because mail list seems to reject such letters)
>> displays utf8 symbol codes instead of expected human-readably letters (in this case — cyrillic), shown after import this certificate into browser's profile.
>>
>> Probably adding -utf8 option for x509 command should fix this particular issue.
>>
>> P.S. I use =dev-libs/openssl-1.0.1k amd64 build on Gentoo GNU/Linux.
>> _______________________________________________
>> openssl-dev mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
More information about the openssl-dev
mailing list