I'll be waiting for it Thanks Steve
Juan Angel -----Mensaje original----- De: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] En nombre de Dr. Stephen Henson Enviado el: miércoles, 10 de octubre de 2012 2:05 Para: openssl-users@openssl.org Asunto: Re: CN > 64 chars On Wed, Oct 10, 2012, Dr. Stephen Henson wrote: > On Tue, Oct 09, 2012, Juan Angel Martin Gomez [AC Camerfirma] wrote: > > > Hello, > > > > > > > > Im trying to make a CSR with a CN that has more than 64 chars > > > > > > > > I know that the upper bound is 64 chars, but I can see in the RFC > > 5280 this > > note: > > > > > > > > -- Note - upper bounds on string types, such as TeletexString, are > > > > -- measured in characters. Excepting PrintableString or IA5String, > > a > > > > -- significantly greater number of octets will be required to hold > > > > -- such a value. As a minimum, 16 octets, or twice the specified > > > > -- upper bound, whichever is the larger, should be allowed for > > > > -- TeletexString. For UTF8String or UniversalString at least four > > > > -- times the upper bound should be allowed. > > > > I used in the config file string_mask = utf8only, but I get the error again: > > > > 2072:error:0D07A097:asn1 encoding > > routines:ASN1_mbstring_ncopy:string too > > long:.\crypto\asn1\a_mbstr.c:154:maxsize=64 > > > > > > Can you help me? > > > > Changing this requires source modification. In the file > crypto/asn1/a_strnid.c there is a table with NID_commonName in it and > a value of ub_common_name (set to 64) against it. If you change that value it will permit larger values. > > I'd regard the current behaviour as a bug: it should handle multi-byte > characters properly. > Actually looking at the code it does handle multi byte characters properly. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org