Re: Annoying Garbage characters in OIDs

Mon, 01 Aug 2005 10:21:36 -0700 

On Mon, Aug 01, 2005, Johnny Gonzalez wrote:

> Hello everybody,
> 
> I have a big problem when adding new OIDs, as these
> are getting garbage
> characters that we need to avoid in our certificates.
> Could this be the way
> I'm adding the OIDs? This is the entire context:
> 
> I have to add 3 new OIDs to my issued certificates, so
> I added them in the
> openssl.cnf config file this way:
> 
> in the new oids section I have this:
> 
> direccion = 2.5.4.9
> nit = 1.3.6.1.4.1.4710.1.3.2
> cedula = 1.3.6.1.4.1.4710.1.3.1
> 
> In the policy match section I have this:
> 
> direccion  = optional
> cedula   = optional
> nit    = optional
> 
> In the [ req_distinguished_name ] section I have this:
> 
> direccion   = Direccion
> cedula    = Cedula
> nit    = Nit
> 
> I guess this is ok, but after issuing my certificate,
> I'm getting undesired
> characters in the values of these new OIDs for
> example, this certificate has
> the 3 new OIDs I need, when I open the certificate in
> Windows (the OS we need
> to use) I get this output in the subject:
> 
> NĂºmero de serie = 9
> 
> 1.3.6.1.4.1.4710.1.3.2 = 1     
> <-------------------------------The 2 first
> characters are garbage
> 
> 1.3.6.1.4.1.4710.1.3.1 = 1     
> <-------------------------------The 2 first
> characters are garbage
> 
> STREET = cra 23                  
> <-------------------------------The 2
> first characters are garbage
> 
> CN = Prueba 1 cert
> 
> OU = Internet
> 
> O = Ubiquando
> 
> L = Bogota
> 
> S = Cundinamarca
> 
> What should I do to avoid these annoying characters in
> the value of my special
> OIDs??
> 
> Am I doing something wrong when I add the OIDs?
> 

Looks more like you are having a problem with Windows...

What it is doing when it finds an OID it doesn't recognize is to dump the
whole encoded component in the manner you describe.

So what you really need to do if you need this to display on Windows is to use
OIDs that it does recognize. 

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to