Hi there,

Commit 3009244da47b989c4cc59ba02cf81a4e9d8f8431 changed the global_mask to B_ASN1_UTF8STRING (see below).

The mask is used to determine the least type of a string and the change practically makes this scan (as performed by type_str()) a no-op since the result is now always B_ASN1_UTF8STRING. This breaks compatibility. As a result of the change, all newly generated certificates have the relevant parts of the name set as UTF8 strings. This for example broke racoon's usage of certificates when it's using an older version while the certificates are being generated by a newer version, because the name comparison it performs now fails.

I'm not sure whether this change is needed at all as there's no justification for it. Please consider reverting it ASAP as it's backwards incompatible and if needed stage it for a major release instead.

Below is the relevant commit:

------
commit 3009244da47b989c4cc59ba02cf81a4e9d8f8431
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 1 15:03:00 2014 +0100

Set default global mask to UTF8 only.

diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index dedc488..8993264 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -74,7 +74,7 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, * certain software (e.g. Netscape) has problems with them. */ -static unsigned long global_mask = 0xFFFFFFFFL; +static unsigned long global_mask = B_ASN1_UTF8STRING; void ASN1_STRING_set_default_mask(unsigned long mask) {
------

Thanks,
Stefanos
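Review bot: The new default on the global_mask line of crypto/asn1/a_strnid.c (0xFFFFFFFFL replaced by B_ASN1_UTF8STRING) carries no rationale or compatibility note; the commit message is only "Set default global mask to UTF8 only." Please state why the default is narrowed and record that it changes the string type chosen for newly encoded values, and point callers that need the previous behaviour at ASN1_STRING_set_default_mask(), which is visible in the context line right after the change. The comment that ends just above the declaration ("certain software (e.g. Netscape) has problems with them.") should also be checked so that it still describes the new default.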
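A simplified model of the least-type selection described in the message above, added here as an example; it is not OpenSSL's code and not part of the original message. The mask bit values, function names and sample strings are constructed for illustration, only PrintableString, IA5String and UTF8String are modelled, and the byte-wise comparison stands in for an assumed strict peer.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Illustrative mask bits for this model; not OpenSSL's B_ASN1_* values. */
#define M_PRINTABLE 0x1UL
#define M_IA5       0x2UL
#define M_UTF8      0x4UL
#define M_ALL       0xFFFFFFFFUL
enum { TAG_UTF8 = 0x0c, TAG_PRINTABLE = 0x13, TAG_IA5 = 0x16 }; /* ASN.1 universal tags */

/* PrintableString alphabet: letters, digits, space and '()+,-./:=? */
static int is_printable(unsigned char c) {
    return isalnum(c) || (c && strchr(" '()+,-./:=?", c) != NULL);
}

/* Clear each type the text does not fit, then take the narrowest type left in the mask. */
static int least_type(const char *s, unsigned long mask) {
    for (; *s; s++) {
        if (!is_printable((unsigned char)*s)) mask &= ~M_PRINTABLE;
        if ((unsigned char)*s > 127)          mask &= ~M_IA5;
    }
    if (mask & M_PRINTABLE) return TAG_PRINTABLE;
    if (mask & M_IA5)       return TAG_IA5;
    return TAG_UTF8;
}

/* DER tag-length-value for a value shorter than 128 bytes (all samples here are). */
static size_t encode(const char *s, unsigned long mask, unsigned char *out) {
    size_t n = strlen(s);
    out[0] = (unsigned char)least_type(s, mask);
    out[1] = (unsigned char)n;
    memcpy(out + 2, s, n);
    return n + 2;
}

/* Assumed strict peer: returns 1 only when both encodings are byte-identical. */
static int same_bytes(const char *s, unsigned long m1, unsigned long m2) {
    unsigned char a[130], b[130];
    size_t la = encode(s, m1, a), lb = encode(s, m2, b);
    return la == lb && memcmp(a, b, la) == 0;
}

int main(void) {
    printf("old=0x%02x new=0x%02x identical=%d\n", least_type("Example CA", M_ALL),
           least_type("Example CA", M_UTF8), same_bytes("Example CA", M_ALL, M_UTF8));
    return 0;
}
```

With the all-ones mask the scan decides the type; with a UTF8-only mask every value gets the UTF8String tag, so the same text encodes to different bytes.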