[openssl-dev] openssl x509 -text incorrectly displays non-latin (non-ansi) symbols (missed '-utf8 option?)

Ikonta ikonta at yandex.ru
Thu Mar 5 14:53:13 UTC 2015 

Good day!

Thank you!

I've referenced to^
$ openssl x509 --help
and find no keys to answer.
Maybe it will be good to extend
-nameopt arg    - various certificate name options
to something like
-nameopt arg    - various certificate name options (including output codepage, i.e. utf8 etc)

man openssl-x509
is well enough.

What is the reason of keeping non-utf8 default output codepage 11 years after switching default string_mask to utf8?


P.S. I have one more similiar question (to my mind for openssl-dev list).
Is it appropriate to ask it directly here, or it will be better to try openssl-users first?

02.03.2015, 13:04, "Erwann Abalea" <erwann.abalea at opentrust.com>:
> Probably an openssl-users question.
>
> Use "openssl x509 -text -in localhost-server.crt -nameopt
> oneline,utf8,-esc_msb"
> Your terminal must be able to display UTF8 sequences.
>
> I sometimes add the "show_type" nameopt option, to check things.
>
> --
> Erwann ABALEA
>
> Le 02/03/2015 06:58, Ikonta a écrit :
>>  AFAIR in 2004 openssl switched to UTF8 as default bitmask in certificate.
>>  But ANSI extension's of utf8 support is still incomplete:
>>
>>  $ openssl x509 -text -in localhost-server.crt
>>  Certificate:
>>       Data:
>>           Version: 3 (0x2)
>>           Serial Number: 1 (0x1)
>>       Signature Algorithm: sha256WithRSAEncryption
>>           Issuer: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, L=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache, CN=\xD1\x82\xD0\xB5\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD1\x8B\xD0\xB9 \xD0\xA6\xD0\x90/emailAddress=root at localhost
>>           Validity
>>               Not Before: Feb  6 08:28:23 2015 GMT
>>               Not After : Sep 15 08:28:23 2020 GMT
>>           Subject: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache web server, CN=localhost/emailAddress=apache at localhost
>>>>  (not attaching exanple certificate file because mail list seems to reject such letters)
>>  displays utf8 symbol codes instead of expected human-readably letters (in this case —  cyrillic), shown after import this certificate into browser's profile.
>>
>>  Probably adding -utf8 option for x509 command should fix this particular issue.
>>
>>  P.S. I use =dev-libs/openssl-1.0.1k amd64 build on Gentoo GNU/Linux.
>>  _______________________________________________
>>  openssl-dev mailing list
>>  To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

More information about the openssl-dev mailing list