On Tue, Nov 12, 2002 at 02:02:33PM +0100, Dr. Stephen Henson wrote: > This is an alighty can of worms... > > If you want to use OpenSSL to generate these things you can mess around with > the config files to accept input as UTF8 and you have to arrange the terminal > to output UTF8 sequences, or whatever method you use. > > ...
Interesting responses. Does this actually imply that PKI's in general don't support non-ASCII well, or is this specifically an integration issue I'm facing as I'm pulling data out of one system (LDAP) and injecting it into OpenSSL? I mean, how do "commercial packages" handle non-ASCII? e.g. Microsoft CA? The reality is that I am pulling user details out of an Active Directory LDAP environment, and want to generate certs. Supposedly this all works under M$ CA integrated with Active Directory - of course Active Directory could be supplying such details in Unicode to M$ CA whereas it shows up as a ASCII-8bit charset via LDAP... Would a good plan be to: 1.> find out what charset LDAP returns in 2.> find a way to translate those strings into unicode 3.> feed the result into OpenSSL with "string_mask=utf8only" ? I see there's a warning saying that utf8only can crash some versions of Netscape, but only the people with 8bit names are going to ever see these certs anyway, and if their browser crashes on it, well - that's there problem :-) Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
