On Fri, Apr 01, 2011, Martin Kaiser wrote: > Dear all, > > I'm trying to create an X.509 certificate whose subject/issuer name > contains an ampersand & character. OpenSSL is encoding this as > T61String/TeletexString. I understand how this decision is made in > ASN1_mbstring_ncopy(). > > Reading RFC3280, section 4.1.2.4 says about DNs > > "... and all certificates issued after December 31, 2003 MUST use the > UTF8String encoding of DirectoryString ..." > > Is there a mismatch between OpenSSL and RFC3280 or am I misunderstanding > something? >
Have a look at the string_mask setting in openssl.cnf it should be changed to utf8only. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
