Ben Laurie wrote:
> 
> Bodo Moeller wrote:
> >
> > "Salz, Rich" <[EMAIL PROTECTED]>:
> >
> > > I think there are some bugs in the handling of non-ascii chars...
> > > 28 $ openssl x509 -in x -text
> > [...]
> > >         X509v3 extensions:
> > [...]
> > >             2.5.29.4: critical
> > >                 0.0.0..
> > > +.....7.......
> > >             commonName:
> > >                 ..Microsoft Corporation
> > [...]
> > >             2.5.29.1:
> > > 0...U.          0i.....[...*.9..b.S2.R0P1.0...U....US1
> > > ..MSFT1200..U...)Microsoft Authenticode(tm) Root Authority...
> > >     Signature Algorithm: md5WithRSAEncryption
> > >         9a:5b:9a:0b:37:23:cb:98:ff:5b:ec:56:70:6d:55:ab:e0:0c:
> > >         4d:f8:a9:b5:76:69:a3:0a:8d:0c:4f:2a:05:96:fe:40:16:2a:
> > >         36:d2:27:da:76:6b:9a:45:04:e8:a2:83:63:1e:f9:17:61:43:
> > >         7f:39:b4:f0:12:a9:05:d8:17:c5:f5:86:40:bb:4f:02:bd:71:
> > >         2d:64:4d:17:c5:2a:dc:89:61:c1:b9:50:31:34:3c:07:26:28:
> > >         a1:58:34:b0:f4:7d:16:6e:62:9b:3b:b5:87:fb:a6:c8:33:b3:
> > >         8a:43:27:2f:b0:22:ae:1a:a8:ed:3c:a9:05:de:12:c8:b0:31:
> > [...]
> >
> > There are bytes in those octet strings that look, when interpreted as
> > ASCII, like CR and LF characters (while in fact the octet strings
> > encapsulate more DER objects); so it seems to be a feature, though a
> > questionable one, that the output starts a new line.
> 
> IMO, the output would be more useful in standard hexdump style anyway.
> 

This is what it does when it doesn't understand an extension: it uses
part of the old extension code.

There are several alternatives: for example hex dump output, ignoring them
and printing "<unsupported>", and ASN1 parsing them.

If there are no objections to adding an additional parameter to
X509_print() this behaviour could be made selectable.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
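
An added example, not part of the thread and not OpenSSL code: a small model of the two renderings discussed above, showing how CR/LF bytes inside an extension's binary value break lines in the dotted output while the hexdump form keeps line structure under the printer's control. The function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample bytes (not from the certificate in the thread, not valid
   DER): binary data that happens to contain CR (0x0d) and LF (0x0a). */
static const unsigned char sample[] = { 0x30, 0x10, 0x04, 0x0e, 0x2b, 0x0d, 0x0a,
    0x00, 0x37, 0x01, 0x0d, 0x0a, 0x82, 0x37, 0x55, 0x53, 0x31, 0x0a };

/* Dotted rendering as described in the thread: non-printable bytes become
   '.', but CR and LF are copied through. Returns how many CR/LF got through. */
size_t render_legacy(const unsigned char *in, size_t n, char *out, size_t cap)
{
    size_t passed = 0, o = 0;
    for (size_t i = 0; i < n && o + 1 < cap; i++) {
        unsigned char c = in[i];
        if (c == '\r' || c == '\n') passed++;
        else if (c < ' ' || c > '~') c = '.';
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return passed;
}

/* Hexdump rendering: offset, up to 16 hex bytes, then an ASCII column where
   every non-printable byte (CR/LF included) is '.'. Returns rows written. */
size_t render_hexdump(const unsigned char *in, size_t n, char *out, size_t cap)
{
    size_t rows = 0, o = 0;   /* cap must be >= 1; a row needs < 80 bytes */
    for (size_t off = 0; off < n && cap - o >= 80; off += 16, rows++) {
        size_t len = n - off < 16 ? n - off : 16;
        o += (size_t)snprintf(out + o, cap - o, "%04zx ", off);
        for (size_t i = 0; i < 16; i++)
            if (i < len) o += (size_t)snprintf(out + o, cap - o, " %02x", in[off + i]);
            else { memcpy(out + o, "   ", 3); o += 3; }
        memcpy(out + o, "  ", 2); o += 2;
        for (size_t i = 0; i < len; i++)
            out[o++] = (in[off + i] < ' ' || in[off + i] > '~') ? '.' : (char)in[off + i];
        out[o++] = '\n';
    }
    out[o] = '\0';
    return rows;
}

int main(void)
{
    char a[256], b[256];
    render_legacy(sample, sizeof sample, a, sizeof a);
    render_hexdump(sample, sizeof sample, b, sizeof b);
    return printf("legacy:\n%s\nhexdump:\n%s", a, b) < 0;
}
```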
