Kurt Roeckx <k...@roeckx.be> writes: >I have yet to see a certificate that doesn't just put latin1 in it, which >should get rejected.
There were some Deutsche Telekom certificates from the late 1990s that used T61String floating diacritics for which I had some custom code to identify the two-character sequences and convert them to latin-1, which things could actually understand (this was slightly risky because some of those are also plausible latin-1 combinations, so the code checked specifically for likely umlauted a, o and u). That was one of the certs I referred to earlier where we were unable to identify anything that could display them, except possibly custom apps also from Deutsche Telekom. In any case the next release of the certs moved to latin-1, presumably in response to complaints that their certs contained garbage strings that nothing could display. So the most sensible approach would be to assume T61String = latin1, at least that way what a CA puts in a cert will display OK. Just out of interest, which country did the T61String-containing cert come from? With which interpretation of T61String did the resulting strings display correctly? Were they in fact latin-1? Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy