[openssl-users] Strictness of comparing distinguished names

Jakob Bohm jb-openssl at wisemo.com
Fri Oct 2 14:08:06 UTC 2015

Dear list,

I have encountered a behavior difference between the CMS
routines in OpenSSL and the equivalent functionality in
another CMS implementation, and I wonder which is the
correct behavior.

I was examining a CMS signature made by someone else and
found that some implementations accepted it as valid while
others said it was not valid.

In this particular CMS signature, the distinguished name
of the certificate issuer is encoded slightly differently
in the certificate and in the PKCS#7 SignerInfo structure.

Specifically, one element of the name is tagged as a
T61STRING in the actual certificate, but as a UTF8STRING
in the SignerInfo.issuerAndSerialNumber.issuer field.
This name element is actually pure 7 bit printable ASCII
(letters and underscores) in this particular case, so the
two encodings have the same length and the same content
bytes, only different tag bytes.

I found that openssl accepts this difference, while at
least one Java version does not.

So I am wondering what the officially correct behavior is
when verifying such a case.  Should the
SignerInfo.issuerAndSerialNumber.issuer be treated as
matching or as not matching a certificate in which an
otherwise identical string is tagged differently but
represents the same textual value (because it uses only
the common subset of the two string encodings)?

Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
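The situation described in the message, as an added example (not code from the original post, and not OpenSSL's own name-comparison routine): two hand-built DER Names that are identical except for the tag byte of one commonName value, T61String in one and UTF8String in the other, compared once byte-for-byte and once on decoded text. The issuer text "WISE_MO_CA", the choice of commonName, and both comparator rules are assumptions; the textual comparator only models the lenient outcome the post attributes to OpenSSL and does not reproduce OpenSSL's actual canonicalisation logic.

```python
# Two DER-encoded X.501 Names that differ only in the string tag of one
# attribute value (T61String in the certificate, UTF8String in the SignerInfo
# issuer), compared strictly and textually. Added example for this thread, not
# code from the post or from OpenSSL; issuer text, OID and comparators are assumed.
TAG_OID, TAG_UTF8STRING, TAG_T61STRING = 0x06, 0x0C, 0x14   # X.690 universal tags
TAG_SEQUENCE, TAG_SET = 0x30, 0x31
OID_COMMON_NAME = bytes([0x55, 0x04, 0x03])                 # id-at-commonName 2.5.4.3


def der_tlv(tag, content):
    """Encode one TLV with a minimal (DER) length field."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def encode_name(rdns):
    """rdns: list of RDNs, each a list of (oid_octets, string_tag, text).
    Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value string }"""
    sets = b""
    for rdn in rdns:
        atvs = b"".join(der_tlv(TAG_SEQUENCE, der_tlv(TAG_OID, oid) +
                                der_tlv(tag, text.encode("utf-8")))
                        for oid, tag, text in rdn)
        sets += der_tlv(TAG_SET, atvs)
    return der_tlv(TAG_SEQUENCE, sets)


def read_tlv(buf, pos=0):
    """Decode the TLV at buf[pos:]; return (tag, content, position after it)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0:
            raise ValueError("indefinite length is not DER")
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length


def decode_text(tag, content):
    """DirectoryString value to text. T61String is Teletex, not Latin-1, so only
    its 7-bit ASCII subset (the thread's case) is accepted, never guessed."""
    if tag == TAG_UTF8STRING:
        return content.decode("utf-8")
    if tag == TAG_T61STRING:
        return content.decode("ascii")
    raise ValueError("unsupported string tag 0x%02x" % tag)


def decode_name(der):
    """Parse a DER Name into [[(oid_octets, string_tag, text), ...], ...]."""
    tag, rdns, end = read_tlv(der)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("Name must be exactly one SEQUENCE")
    result, pos = [], 0
    while pos < len(rdns):
        tag, rdn, pos = read_tlv(rdns, pos)
        if tag != TAG_SET:
            raise ValueError("RDN must be a SET")
        atvs, p = [], 0
        while p < len(rdn):
            tag, atv, p = read_tlv(rdn, p)
            oid_tag, oid, q = read_tlv(atv)
            val_tag, val, _ = read_tlv(atv, q)
            if tag != TAG_SEQUENCE or oid_tag != TAG_OID:
                raise ValueError("malformed AttributeTypeAndValue")
            atvs.append((oid, val_tag, decode_text(val_tag, val)))
        result.append(atvs)
    return result


def names_equal_strict(a, b):
    """Byte-for-byte match: a differing string tag is a mismatch (the outcome
    the thread reports for at least one Java implementation)."""
    return a == b


def names_equal_textual(a, b):
    """Match on attribute type and decoded text only, whatever string type
    carried it (models the lenient outcome the thread reports for OpenSSL)."""
    def strip(name):
        return [[(oid, text) for oid, _tag, text in rdn] for rdn in decode_name(name)]
    return strip(a) == strip(b)


def differing_offsets(a, b):
    """Byte offsets at which two equal-length encodings differ."""
    if len(a) != len(b):
        raise ValueError("encodings differ in length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


# Constructed sample: the issuer text "WISE_MO_CA" is an assumption using only
# letters and underscores, the common subset of both string types.
CERT_ISSUER = encode_name([[(OID_COMMON_NAME, TAG_T61STRING, "WISE_MO_CA")]])
SIGNERINFO_ISSUER = encode_name([[(OID_COMMON_NAME, TAG_UTF8STRING, "WISE_MO_CA")]])
```

Running `differing_offsets(CERT_ISSUER, SIGNERINFO_ISSUER)` shows that exactly one byte, the tag of the commonName value, differs between the two 23-byte encodings; `names_equal_strict` then reports a mismatch while `names_equal_textual` reports a match, which is the split between implementations the message describes. The `decode_text` helper deliberately refuses T61String content outside 7-bit ASCII, because beyond that common subset the two string types no longer denote the same characters and a textual comparison would have to apply real Teletex decoding.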
