My brain is being slowly roasted trying to grok the profusion of ASN1
string encodings.
I am trying to write a small C app that generates and signs
certificate requests, but I am having trouble finding which encoding
to use. The PKIX RFC recommends UTF8Strings, but allows the
following:
> (a) if the character set is sufficient, the string MAY be
> represented as a PrintableString;
>
> (b) failing (a), if the BMPString character set is sufficient the
> string MAY be represented as a BMPString; and
>
> (c) failing (a) and (b), the string MUST be represented as a
> UTF8String. If (a) or (b) is satisfied, the CA MAY still choose
> to represent the string as a UTF8String.
A browse through the openssl code shows that it tries to use
PrintableStrings, then IA5Strings, then T61Strings. I expect that
this is mainly for compatibility with existing software.
This leaves me pretty confused as to how to encode my DN
components. Can anyone explain this or point me in the right
direction?
TIA,
Damien Miller
--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.ilogic.com.au/~dmiller
| Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
