At 16:51 12.11.2002 +1300, you wrote:
Hi thereI want to generate certs from our internal LDAP server. We have people from all over the world here, and so some of these entries have 8bit chars in their names (shock! horror!) Now I went off and generated a cert for one "Frank Österberg" (that's an "O" with two dots on top), and when I "vi" the PEM afterwards I see "\xD6sterberg". However, under Mozilla Import, the name shows up as "A?sterberg" (the A has two dots on top) - not the same thing. Is this an issue with the Unix (Linux BTW) system doing some ISO charset, but Openssl expecting unicode? If so, what is the correct way to do this? Thanks in advance for any help - my poor ASCII brain is feeling overwhelmed :-) -- Cheers Jason Haar
You didn't exactly specify whether your problem is with LDAP or with
Certificates.
With certificates, Each RDN (that's a relative distinguished name, like C=DE)
may can encoded in a number of encoding. C=DE would be probably
PRINTABLE-STRING. Other popular ones are IA5/7bitASCII, T61/TELETEX,
BMP/UCS-2 or UTF8.
In T61, an Ö (0x00D6) would be 0xc8 0x4F.
In BMP it would be 0x00 0xD6.
In UTF8, it would be 0xc3 0x96.
Problem is, I don't know any encoding that would translate an Ö
(unicode 0x00D6) into \xD6. Really. the ANSI or Latin-1 or
whatever you want to call it is not a featured charset in certificate encoding.
So. Your certificate is wrong.
With LDAP, charsets are even worse. Read some RFCs. ww.rfc-editor.org
has a search engine, type "LDAP".
To find out what encoding your "\xD6sterberg" is, check the two bytes before it.
the 1st would be the type, then the length.
Jörn
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
