On Tue, Feb 11, 2003, Jeffrey Altman wrote:

> Dr. Stephen Henson wrote:
>
> >Creating it manually would be rather difficult. You could use the mini-ASN1
> >compiler in OpenSSL 0.9.8 but it doesn't currently directly handle
> >GeneralString (it's not apparent why the draft should use that as opposed to
> >UTF8String) I'll fix it so it does.
>
> Kerberos is ASN.1 based. The Realm names in the current protocol
> specifications use GeneralString to represent REALM names.

A quick perusal of the spec suggests that the GeneralString might contain a
text representation of a DN from RFC2253 which would be UTF8, requiring some
painful character set shifting.

> GeneralString is being replaced with a new type, KerberosString, in the
> next revision of the protocol. If you want to read the gory details,
> read Section 5.2.1 of
> http://www.isi.edu/people/bcn/krb-revisions/krbclar5-4.html
>

Gory indeed, almost all the tagging is unnecessary AFAICS. The restraint on
GeneralString may end up meaning that some DNs can't be represented.

I think I'll have to go and lie down for a bit now...

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
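
The representability concern raised in the reply above, as an added example that is not part of the original messages and is not OpenSSL code. It hand-encodes an RFC 2253 DN string as a DER UTF8String and as a GeneralString, assuming the restriction on GeneralString means 7-bit characters only with no escape sequences; the function names and sample DNs are constructed for illustration.

```python
# Added illustration; not code from the thread or from OpenSSL.
TAG_UTF8STRING = 0x0C     # UNIVERSAL 12
TAG_GENERALSTRING = 0x1B  # UNIVERSAL 27


def der_length(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_string(tag: int, content: bytes) -> bytes:
    """Primitive string encoding: tag, length, content octets."""
    return bytes([tag]) + der_length(len(content)) + content


def dn_as_utf8string(dn: str) -> bytes:
    """The RFC 2253 string form is UTF-8, so any DN fits in a UTF8String."""
    return der_string(TAG_UTF8STRING, dn.encode("utf-8"))


def dn_as_restricted_generalstring(dn: str) -> bytes:
    """Encode as GeneralString limited to 7-bit characters (assumed restriction).

    Raises ValueError naming the offending characters instead of silently
    placing UTF-8 octets under a GeneralString tag.
    """
    bad = sorted({c for c in dn if ord(c) > 0x7F})
    if bad:
        names = ", ".join(f"U+{ord(c):04X}" for c in bad)
        raise ValueError("not representable in restricted GeneralString: " + names)
    return der_string(TAG_GENERALSTRING, dn.encode("ascii"))


def representable(dn: str) -> bool:
    """True if the DN survives the restricted GeneralString encoding."""
    try:
        dn_as_restricted_generalstring(dn)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample DNs in RFC 2253 string form.
    for dn in ("CN=Steve,O=Example,C=GB", "CN=Jörg Müller,O=Beispiel,C=DE"):
        print(dn, representable(dn), dn_as_utf8string(dn).hex())
```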