[openssl-users] OpenSSL 1.0.1l: X509_NAME_add_entry_by_txt broken?

Jörg Eyring joerg.eyring at topix.de
Wed Feb 11 08:44:21 UTC 2015

Hi all,

I'm generating a certificate request and the necessary entries are added with:

if(!X509_NAME_add_entry_by_txt(subj,"C", MBSTRING_ASC, (unsigned char *) CountryName,-1,-1,0))
if(!X509_NAME_add_entry_by_txt(subj,"O", MBSTRING_ASC, (unsigned char *) OrganizationName,-1,-1,0))
if(!X509_NAME_add_entry_by_txt(subj,"OU", MBSTRING_ASC, (unsigned char *) OrganizationUnit,-1,-1,0))

X509_NAME_add_entry_by_txt does only respect the given encoding MBSTRING_ASC for the first entry, the subsequent entries are encoded with MBSTRING_UTF8 (seen with a BER Viewer). The certificate request is declined by the authority with an error: "...doesn't contain five PRINTABLESTRING elements..."

The most recent version of OpenSSL we've been using was 1.0.1c where everything worked fine.

Any ideas what's going wrong?

Thanks, Jörg

More information about the openssl-users mailing list