Hi,
I have a relevant question in this regard.
I have set the value of commonName_max = 5 in openssl.cnf
Generate self signed certificate using -subj option
# openssl req -x509 -out cacert.pem -new -keyout cakey.pem -subj /C=INN/ST=TamilNadu/L=CBE/O=test/CN=xxxxxxxxxx -nodes
Successful
Here the commonName_max limit is not referred from the openssl.cnf file
Generate self signed certificate by asking the user for information
# openssl req -x509 -out cacert.pem -new -keyout cakey.pem -nodes
Common Name (eg, YOUR name) []:xxxxxxxxxx
string is too long, it needs to be less than 5 bytes long
Fails
Here the commonName_max limit is referred from the openssl.cnf file and an error occurs
This seems to be an inconsistent behaviour.
I have suggested a probable solution at
Regards,
Prakash
"Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
On Wed, Nov 09, 2005, Ken Campbell wrote:
> I'm trying to get started with SSL. I've installed Win32OpenSSL-v0.9.8a
> on a Windows 2003 Server box with Apache 2.0.55 running. I've got as
> far as:
>
> openssl req -new -key myserver.key -out myserver.csr (where
> myserver.key exists)
>
> As soon as I get to the following prompt things get a little bizarre:
>
> Country Name (2 letter code) [AU]:
> String is too short, it needs to be at least 2 bytes long
> Country Name (2 letter code) [AU]:GB
> String is too long, it needs to be less than 2 bytes long
> Country Name (2 letter code) [AU]:.
> 2712:error:0D11A09E:asn1 encoding routines:ASN1_mbstring_copy:illegal
> characters:.\crypto\asn1\a_mbstr.c:162:
>
> Can anyone tell me what strings are >= 2 bytes & also < 2 bytes and how
> I might get past this?
>
I suspect that some additional characters are appearing when OpenSSL uses
fgets() to prompt for the string. Possibly it puts CRLF at the end instead
of just LF.
You could try adding:
if (buf[i-2] == '\r')
i--;
before the line:
buf[--i]='\0';
in apps/req.c around line 1567.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
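
Added example, not part of the original messages and not OpenSSL's source: a small C program illustrating the CRLF suspicion raised in the reply above, showing how a prompt reader that drops only the final byte leaves a stray '\r' that fails the length check, next to a bounds-checked CRLF-aware trim. The function names and the inclusive 2..2 byte limits for the country field are assumptions taken from the prompts quoted in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Naive trim: drop only the final byte, assuming it is '\n'. */
static size_t trim_last_byte(char *buf)
{
    size_t n = strlen(buf);
    if (n > 0)
        buf[--n] = '\0';
    return n;
}

/* CRLF-aware trim: drop a trailing "\n" or "\r\n"; never indexes before buf. */
static size_t trim_eol(char *buf)
{
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n')
        buf[--n] = '\0';
    if (n > 0 && buf[n - 1] == '\r')
        buf[--n] = '\0';
    return n;
}

/* Returns -1 if too short, 1 if too long, 0 if within [n_min, n_max]. */
static int check_len(size_t len, size_t n_min, size_t n_max)
{
    if (len < n_min) return -1;
    if (len > n_max) return 1;
    return 0;
}

/* Trim a copy of `line` with the chosen routine, then length-check it. */
static int classify(const char *line, int crlf_aware, size_t n_min, size_t n_max)
{
    char buf[64];
    snprintf(buf, sizeof buf, "%s", line);
    size_t n = crlf_aware ? trim_eol(buf) : trim_last_byte(buf);
    return check_len(n, n_min, n_max);
}

int main(void)
{
    /* Constructed inputs: what fgets() might return for Enter and "GB". */
    const char *samples[] = { "\r\n", "GB\r\n", "GB\n" };
    for (size_t i = 0; i < 3; i++)
        printf("sample %zu: naive=%d crlf_aware=%d\n", i,
               classify(samples[i], 0, 2, 2), classify(samples[i], 1, 2, 2));
    return 0;
}
```

With the naive trim, "GB\r\n" is counted as three bytes and a bare Enter as one byte, which matches the "too long" and "too short" messages in the quoted session.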