Paul Clark
Wed, 03 Feb 2010 11:06:13 -0800
Hi,
I have ported an application which uses OpenSSL 0.9.8l to Windows, using mingw. The application requires a simple CA cert installed alongside it, for which I pass the filename to X509_STORE_load_locations() so it can verify other certs it gets given during its operation (this is all custom network protocols, but fairly standard crypto). It all works fine usually...
... until, that is, it is used in China, and the user chooses to install the application (and its CA file) in a directory path which contains Chinese characters. We hit all sorts of problems with this in our own code, not least because we're using STL iostreams which have no understanding of wide character filenames (STL assumes - like every sane being - that Unicode filenames are UTF8. Not in Windows.). But we've worked around that using a platform-dependent ifstream-like construct that actually uses _wopen() and filebufs. Horrible, but it works...
The one remaining problem is now that when OpenSSL reads a file in X509_STORE_load_locations() it presumably uses standard open() or fopen() with multi-byte (UTF-8) filenames, or, equivalently, doesn't think about it at all - fair enough on every other platform, but not on Windows.
So, in decreasing order of niceness:
0) Is this fixed in some later version than 0.9.8l?
1) Could OpenSSL on Windows use _wopen() / _wfopen() for all file operations, first converting the UTF8 to UTF-16 (wchar_t)? I'd be happy to provide code snippets for this but I have no idea where they would be needed.
(1.5) Or would it be possible to alter the Windows DLL build to provide an fopen() -> _wfopen() shim, like this:
http://pdh11.blogspot.com/2009/05/unicode-is-one-true-god-and-utf-8-is.html
2) Is there a way to push a certificate into an X509_STORE from text that I've read as PEM using my own (fixed up) file reader? Or any other way to establish a certificate chain in memory to verify from?
Many thanks
Paul
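Option 1 in the message above depends on converting the UTF-8 path to UTF-16 before it reaches _wopen() / _wfopen(). The following is an added example, not code from the post or from OpenSSL, showing that conversion step in portable C with strict validation, so that overlong or otherwise malformed sequences in a path are refused instead of being mapped to some other file name. The function name utf8_to_utf16 is hypothetical, and uint16_t stands in for the 16-bit wchar_t of Windows; on Windows itself MultiByteToWideChar() with CP_UTF8 and MB_ERR_INVALID_CHARS does the same job.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not an OpenSSL or Win32 API): strictly decode a
 * NUL-terminated UTF-8 path into UTF-16 code units, as a _wfopen() shim
 * would need. Returns the number of units written (excluding the
 * terminator), or -1 on malformed input or insufficient space. */
long utf8_to_utf16(const char *in, uint16_t *out, size_t cap)
{
    const unsigned char *s = (const unsigned char *)in;
    size_t n = 0;

    while (*s) {
        uint32_t cp, min;
        int extra;

        if (*s < 0x80)                { cp = *s;        extra = 0; min = 0; }
        else if ((*s & 0xE0) == 0xC0) { cp = *s & 0x1F; extra = 1; min = 0x80; }
        else if ((*s & 0xF0) == 0xE0) { cp = *s & 0x0F; extra = 2; min = 0x800; }
        else if ((*s & 0xF8) == 0xF0) { cp = *s & 0x07; extra = 3; min = 0x10000; }
        else return -1;               /* stray continuation or invalid lead byte */
        s++;

        while (extra-- > 0) {
            if ((*s & 0xC0) != 0x80) return -1;   /* truncated sequence */
            cp = (cp << 6) | (*s++ & 0x3F);
        }
        /* Reject overlong forms, encoded surrogates and values past U+10FFFF. */
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return -1;

        if (cp < 0x10000) {
            if (n + 1 >= cap) return -1;          /* keep room for terminator */
            out[n++] = (uint16_t)cp;
        } else {                                  /* encode as a surrogate pair */
            if (n + 2 >= cap) return -1;
            cp -= 0x10000;
            out[n++] = (uint16_t)(0xD800 | (cp >> 10));
            out[n++] = (uint16_t)(0xDC00 | (cp & 0x3FF));
        }
    }
    if (n >= cap) return -1;
    out[n] = 0;
    return (long)n;
}
```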