On Tue, Jan 19, 2010, Kyle Hamilton wrote: > What are the new rules for canonicalization of names from UTF8 to > printableString? >
It's not the full RFC5280 algorithm. It just translates characters rather naively to lower case and performs the necessary space folding. Enough to pass the PKITS RFC3280 tests. It also strips off the outer SEQUENCE header so it can be rapidly used to check name constraints. The encoding of that lot is shoved through SHA1. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
