No, this is the output from "openssl x509 -text", but without "-nameopt utf8", which has no effect on the output anyway.
G. -----Original Message----- From: dry...@sky-haven.net [mailto:dry...@sky-haven.net] Sent: 19 November 2009 17:16 To: Shaw Graham George Subject: Re: Creating a certificate with Unicode characters in Issuer and Subject Scríobh Shaw Graham George: > Hi, > > I have a requirement to make some test keys/certificates that contain > Unicode (Chinese) data in the Issuer and Subject fields. Print-out > from an example certificate using "openssl x509" is: > > Issuer: C=\x00C\x00N, > ST=\x00G\x00u\x00a\x00n\x00g\x00d\x00o\x00n\x00g, > L=\x00G\x00u\x00a\x00n\x00g\x00z\x00h\x00o\x00u, > O=\x00G\x00D\x00C\x00A\x00 > \x00C\x00e\x00r\x00t\x00i\x00f\x00i\x00c\x00a\x00t\x00e\x00 > \x00A\x00u\x00t\x00h\x00o\x00r\x00i\x00t\x00y > Subject: C=\x00C\x00N, ST=^\x7FN\x1Cw\x01, L=^\x7F]\xDE^\x02, > ... UTF-8 is a means for providing Unicode glyph sequences on computers. Each Unicode character has 1 reasonable UTF-8 transform. As per my personal experience, OpenSSL does handle them. What you have in hand looks more like what happened when a certificate tool converted the output into what appears to be UTF-16 big endian, then emitted that to your terminal. Very odd. As it turns out, it looks like the CA you picked did the right thing as 0x00430x00004E is "CN". It's mainly your output program that has made ... unusual choices when asked to emit the subject and issuer to your screen; I'm assuming it wasn't OpenSSL. Anyway, yes, with the proper options on input, OpenSSL will accept a UTF-8 stream as elements in the subject and isuser DNs. I believe that OpenSSL already presumes incoming text is in UTF-8, and a "-nameopt utf8" all you need to emit UTF-8 directly to the terminal. Yours, &c Lance Dryden ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
