On Mon, Jul 21, 2014 at 08:29:47PM +0200, Stefanos Harhalakis via RT wrote:
> Hi there,
>
> Commit 3009244da47b989c4cc59ba02cf81a4e9d8f8431 changed the global_mask to
> B_ASN1_UTF8STRING (see below).
>
> The mask is used to determine the least type of a string and the change
> practically makes this scan (as performed by type_str()) a no-op since the
> result is now always B_ASN1_UTF8STRING. This breaks compatibility.
>
> As a result of the change, all newly generated certificates have the relevant
> parts of the name set as UTF8 strings. This for example broke racoon's usage
> of certificates when it's using an older version while the certificates are
> being generated by a newer version, because the name comparison it performs
> now fails.

I'm not sure I understand. Is there maybe a problem that the CA certificate used something other than UTF-8 and that newly generated certificates use UTF-8 in the issuer and so the chain validation fails?

Please note that you can set the old behavior back with the ASN1_STRING_set_default_mask() call.

Kurt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
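
The compatibility break reported above, as an added C example that is not part of the thread and is not OpenSSL or racoon code: the same commonName encoded as PrintableString and as UTF8String differs in one tag byte, so a byte-for-byte name match fails while a comparison that tolerates the two string types succeeds. The name `Example CA`, the helper names and the assumption that the peer compares names by their DER bytes are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: Name { CN=Example CA } with a PrintableString value (tag 0x13)... */
static const unsigned char NAME_PRINTABLE[] = {
    0x30,0x15, 0x31,0x13, 0x30,0x11, 0x06,0x03,0x55,0x04,0x03,
    0x13,0x0A, 'E','x','a','m','p','l','e',' ','C','A' };
/* ...and the same name with a UTF8String value (tag 0x0C). */
static const unsigned char NAME_UTF8[] = {
    0x30,0x15, 0x31,0x13, 0x30,0x11, 0x06,0x03,0x55,0x04,0x03,
    0x0C,0x0A, 'E','x','a','m','p','l','e',' ','C','A' };

/* Parse one DER header (short form, or long form with 1-2 length bytes). */
static int tlv(const unsigned char *p, size_t avail,
               unsigned char *tag, size_t *hdr, size_t *len)
{
    if (avail < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *hdr = 2; *len = p[1]; }
    else if (p[1] == 0x81 && avail >= 3) { *hdr = 3; *len = p[2]; }
    else if (p[1] == 0x82 && avail >= 4) { *hdr = 4; *len = ((size_t)p[2] << 8) | p[3]; }
    else return 0;
    return *hdr + *len <= avail;   /* reject elements that overrun the buffer */
}

static int is_str(unsigned char t) { return t == 0x0C || t == 0x13; }

/* Walk two DER encodings in lock-step; returns 1 if they match. With
 * tolerant set, PrintableString and UTF8String tags are interchangeable. */
int der_equal(const unsigned char *a, size_t an,
              const unsigned char *b, size_t bn, int tolerant)
{
    while (an && bn) {
        unsigned char ta, tb; size_t ha, hb, la, lb;
        if (!tlv(a, an, &ta, &ha, &la) || !tlv(b, bn, &tb, &hb, &lb)) return 0;
        if (ta != tb && !(tolerant && is_str(ta) && is_str(tb))) return 0;
        if (ta & 0x20) {                        /* constructed: compare children */
            if (!der_equal(a + ha, la, b + hb, lb, tolerant)) return 0;
        } else if (la != lb || memcmp(a + ha, b + hb, la) != 0) return 0;
        a += ha + la; an -= ha + la;
        b += hb + lb; bn -= hb + lb;
    }
    return an == 0 && bn == 0;
}

int main(void)
{
    printf("strict:   %d\n", der_equal(NAME_PRINTABLE, sizeof NAME_PRINTABLE, NAME_UTF8, sizeof NAME_UTF8, 0));
    printf("tolerant: %d\n", der_equal(NAME_PRINTABLE, sizeof NAME_PRINTABLE, NAME_UTF8, sizeof NAME_UTF8, 1));
    return 0;
}
```

The tolerant mode is sound here only because PrintableString characters are ASCII and therefore encode identically in UTF-8; it is not a full RFC 5280 name comparison.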