RE: CN > 64 chars

Wed, 10 Oct 2012 20:26:58 -0700 

I'll be waiting for it

Thanks Steve



Juan Angel


-----Mensaje original-----
De: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
En nombre de Dr. Stephen Henson
Enviado el: miércoles, 10 de octubre de 2012 2:05
Para: openssl-users@openssl.org
Asunto: Re: CN > 64 chars

On Wed, Oct 10, 2012, Dr. Stephen Henson wrote:

> On Tue, Oct 09, 2012, Juan Angel Martin Gomez [AC Camerfirma] wrote:
> 
> > Hello,
> > 
> >  
> > 
> > I’m trying to make a CSR with a CN that has more than 64 chars
> > 
> >  
> > 
> > I know that the upper bound is 64 chars, but I can see in the RFC 
> > 5280 this
> > note:
> > 
> >  
> > 
> > -- Note - upper bounds on string types, such as TeletexString, are
> > 
> > -- measured in characters.  Excepting PrintableString or IA5String, 
> > a
> > 
> > -- significantly greater number of octets will be required to hold
> > 
> > -- such a value.  As a minimum, 16 octets, or twice the specified
> > 
> > -- upper bound, whichever is the larger, should be allowed for
> > 
> > -- TeletexString.  For UTF8String or UniversalString at least four
> > 
> > -- times the upper bound should be allowed.
> > 
> > I used in the config file string_mask = utf8only, but I get the error
again:
> > 
> > 2072:error:0D07A097:asn1 encoding 
> > routines:ASN1_mbstring_ncopy:string too
> > long:.\crypto\asn1\a_mbstr.c:154:maxsize=64
> > 
> > 
> > Can you help me?
> > 
> 
> Changing this requires source modification. In the file 
> crypto/asn1/a_strnid.c there is a table with NID_commonName in it and 
> a value of ub_common_name (set to 64) against it. If you change that value
it will permit larger values.
> 
> I'd regard the current behaviour as a bug: it should handle multi-byte 
> characters properly.
> 

Actually looking at the code it does handle multi byte characters properly. 

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to