[openssl-dev] [openssl.org #4273] explicitText encoding
Klein Marek via RT
rt at openssl.org
Tue Jan 26 15:44:41 UTC 2016
Hello,
I came across a problem while I was creating a certificate.
I tried to set encoding type of the explicitText in Certificate Policies to
utf-8 by prependig a
corresponding tag in my .cnf file, as shown in the following example.
...
userNotice.1=@noticesec1
[ noticesec1 ]
explicitText= UTF8:UTF8 encoded explicit text
...
However, the tag was ignored and handled as a part of the explicitText,
and the type was set to VISIBLESTRING. I examined the code and found
that the type of explicitText is hardcoded and always set to VISIBLESTRING.
It is defined in RFC 5280 that the explicitText in a UserNotice is
DisplayText,
which can be of UTF8String, VisibleString, BMPString or IA5String type.
Please see the following pull request
https://github.com/openssl/openssl/pull/576,
which fixes the issue.
This patch allows user to decide for the type of explicitText by prepending
it by
UTF8, UTF8String, IA5STRING, IA5, BMPSTRING, BMP, VISIBLE or VISIBLESTRING.
(as in nconf)
Original functionality was preserved.
Please let me know if you want me to modify the patch.
Kind Regards / S pozdravom
Marek Klein
Disig, a.s.
Zahradnicka 151, 821 08 Bratislava 2
<mailto:marek.klein at disig.sk> marek.klein at disig.sk
<http://www.disig.sk> www.disig.sk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5187 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160126/df93e431/attachment.bin>
More information about the openssl-dev
mailing list