Hello Steve, and thanks for the reply, How can I find out what on my system (and Ive created two different machines with same problem) is making this behaviour? can you give me some help or clue?
Im following all the howtos and docs in the Net on how to setup apache+mod_ssl+mod_authz_ldap+openldap and this issue is driving me nuts. If the problem is not on openssl then I think theres only two other places it could be: Apache, or the original certificate? Am I thinking right?... Can you help me on the following test please? download from https://pki.cartaodecidadao.pt/publico/certificado/cc_ec_cidadao_autenticacao/ any of the "server side" certificates from this CA and see their contents As I think they are in DER format so I use openssl x509 -inform DER -in xxxxxx.cer -noout -text what I get is: Certificate: Data: Version: 3 (0x2) Serial Number: 59:a6:59:d4:97:e2:86:26 Signature Algorithm: sha1WithRSAEncryption Issuer: CN=Cart\xC3\xA3o de Cidad\xC3\xA3o 001, OU=ECEstado, O=SCEE - Sistema de Certifica\xC3\xA7\xC3\xA3o Electr\xC3\xB3nica do Estado, C=PT Validity Not Before: Jan 29 21:32:58 2007 GMT Not After : Mar 30 21:42:58 2013 GMT Subject: CN=EC de Autentica\xC3\xA7\xC3\xA3o do Cart\xC3\xA3o de Cidad\xC3\xA3o 0001, OU=subECEstado, O=Cart\xC3\xA3o de Cidad\xC3\xA3o, C=PT Subject Public Key Info: etc, etc So, this is invalid information on the certificate itself?? Can you kindly make the same test and see what you get? Thankyou Luis > Date: Tue, 27 Apr 2010 12:30:07 +0200 > From: st...@openssl.org > To: openssl-users@openssl.org > Subject: Re: bad characters encoded on ssl logs coming from x509 cert > > On Tue, Apr 27, 2010, Luis Neves wrote: > > > Hi to all, > > > > I have this data on ssl_error_log, coming from a client certificate > > > > [Fri Apr 23 14:13:26 2010] [debug] ssl_engine_kernel.c(1219): > > Certificate Verification: depth: 2, subject: /CN=Cart\\xC3\\xA3o de > > Cidad\\xC3\\xA3o 001/OU=ECEstado/O=SC > > EE - Sistema de Certifica\\xC3\\xA7\\xC3\\xA3o Electr\\xC3\\xB3nica do > > Estado/C=PT, issuer: /C=PT/O=SCEE/CN=ECRaizEstado > > [Fri Apr 23 14:13:26 2010] [debug] ssl_engine_kernel.c(1219): > > Certificate Verification: depth: 1, subject: /C=PT/O=Cart\\xC3\\xA3o > > de Cidad\\xC3\\xA3o/OU=subECEstado/CN=EC de > > Autentica\\xC3\\xA7\\xC3\\xA3o do Cart\\xC3\\xA3o de Cidad\\xC3\\xA3o > > 0003, issuer: /CN=Cart\\xC3\\xA3o de Cidad\\xC3\\xA3o > > 001/OU=ECEstado/O=SCEE - Sistema de Certifica\\xC3\\xA7\\xC3\\xA3o > > Electr\\xC3\\xB3nica do Estado/C=PT > > [Fri Apr 23 14:13:26 2010] [debug] ssl_engine_kernel.c(1219): > > Certificate Verification: depth: 0, subject: /C=PT/O=Cart\\xC3\\xA3o > > de Cidad\\xC3\\xA3o/OU=Autentica\\xC3\\xA7\\xC3\\xA3o do > > Cidad\\xC3\\xA3o/OU=Cidad\\xC3\\xA3o Portugu\\xC3\\xAAs/SN=FIGUEIREDO > > CORREIA DAS NEVES/GN=LU\\xC3\\x8DS > > MIGUEL/serialNumber=BI098289861/CN=LU\\xC3\\x8DS MIGUEL FIGUEIREDO > > CORREIA DAS NEVES, issuer: /C=PT/O=Cart\\xC3\\xA3o de > > Cidad\\xC3\\xA3o/OU=subECEstado/CN=EC de > > Autentica\\xC3\\xA7\\xC3\\xA3o do Cart\\xC3\\xA3o de Cidad\\xC3\\xA3o > > 0003 > > > > this is the data that is coming from the client? > > > > the '\x' characters are making mod_authz_ldap failing querying the > > ldap server and returning "Bad search filter" instead > > > > why this \'x' is appearing here, and how do I am suposed to control it? > > > > The original text on the the certificate is: > > O=Cartão de Cidadão > > CN=EC de Autenticação do Cartão de Cidadão > > > > PS: Im using Apache 2.2.3 on a Centos 5.4, against openldap > > > > The \x characters are caused by something escaping the UTF8 format characters > in the certificate. This isn't an OpenSSL issue as such but might be down to > the application using the long deprecated X509_NAME_oneline() function instead > of X509_NAME_print_ex(). > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org _________________________________________________________________ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
