Look like a bug and a reasonable fix. Thanks. -- Principal Security Engineer, Akamai Technologies IM: [email protected]<mailto:[email protected]> Twitter: RichSalz
From: [email protected] [mailto:[email protected]] On Behalf Of Dmitry Belyavsky Sent: Saturday, October 11, 2014 12:19 PM To: [email protected] Subject: Re: [openssl.org #3557] -nameopt utf8 behaviour in openssl 1.0.1i Hello Openssl team, Any comments? Thank you! On Mon, Oct 6, 2014 at 12:07 AM, Dmitry Belyavsky via RT <[email protected]<mailto:[email protected]>> wrote: Hello OpenSSL Team, The x509 and req commands behave strangely when the nameopt utf8 is specified. beldmit@manul$ openssl x509 -text -noout -nameopt utf8 -in ./demos/cms/cacert.pem Certificate: Data: Version: 3 (0x2) Serial Number: 14395258657826892692 (0xc7c63b7adda36b94) Signature Algorithm: md5WithRSAEncryption Issuer: The output becomes correct when we specify -nameopt sep_comma_plus,utf8 The patch by Victor Wagner fixing this behaviour is attached. Thank you! -- SY, Dmitry Belyavsky --- ../openssl-1.0.1i/crypto/asn1/a_strex.c 2014-07-22 23:41:23.000000000 +0400 +++ crypto/asn1/a_strex.c 2014-10-05 19:45:32.790011154 +0400 @@ -414,6 +414,7 @@ sep_mv_len = 3; break; + case 0: case XN_FLAG_SEP_COMMA_PLUS: sep_dn = ","; sep_dn_len = 1; -- SY, Dmitry Belyavsky
