On Wed, Dec 02, 2009, Victor B. Wagner wrote: > When openssl ca command creates a certificate from SPKAC, it > accepts option utf8, which theoretically should make it accept any > utf8 characters and place them into certificate DN using apporpriate > ASN1 STRING type (i.e. BMP_STRING or UTF8_STRING). > > However, function certify_spkac in apps/ca.c uses function > ASN1_PRINTABLE_type to determine type of ASN1 string to use. > And this function never returns V_ASN1_BMPSTRING or V_ASN1_UTF8STRING. > > It can return only V_ASN1_PRINTABLESTRING (which is complete unsuitable > for non-latin letters), V_ASN1_T61STRING or V_ASN1_IA5STRING. > > Should it be considered a bug which can be fixed during 1.0.0 feauture > fix process or it is new feature which can appear in 1.0.x release only
Ouch! That is still using the long deprecated manual DN component construction methods. That counts as a bug in my book and I'll look into fixing it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
