error: ASN1_mbstring_ncopy:illegal characters
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Apr 12 03:04:46 UTC 2023
On Tue, Apr 11, 2023 at 11:40:10PM +1000, raf via openssl-users wrote:
> I'm trying to create a CSR for an SMIME certificate for
> an email address with non-ASCII characters (localpart
> and domain), and I'm getting this error after entering
> äbç@être.org as the email address:
You can't do that with rfc822Name, its syntax is by definition
restricted to printable ASCII (IA5String):
https://datatracker.ietf.org/doc/html/rfc5280#page-38
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER }
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
To create certificates for non-ASCII email addresses you need:
https://datatracker.ietf.org/doc/html/rfc8398#section-3
id-on-SmtpUTF8Mailbox OBJECT IDENTIFIER ::= { id-on 9 }
SmtpUTF8Mailbox ::= UTF8String (SIZE (1..MAX))
--
Viktor.
More information about the openssl-users
mailing list