Re: [openssl-dev] openssl x509 -text incorrectly displays non-latin (non-ansi) symbols (missed '-utf8 option?)
Good day! Thank you! I've referenced to^ $ openssl x509 --help and find no keys to answer. Maybe it will be good to extend -nameopt arg- various certificate name options to something like -nameopt arg- various certificate name options (including output codepage, i.e. utf8 etc) man openssl-x509 is well enough. What is the reason of keeping non-utf8 default output codepage 11 years after switching default string_mask to utf8? P.S. I have one more similiar question (to my mind for openssl-dev list). Is it appropriate to ask it directly here, or it will be better to try openssl-users first? 02.03.2015, 13:04, Erwann Abalea erwann.aba...@opentrust.com: Probably an openssl-users question. Use openssl x509 -text -in localhost-server.crt -nameopt oneline,utf8,-esc_msb Your terminal must be able to display UTF8 sequences. I sometimes add the show_type nameopt option, to check things. -- Erwann ABALEA Le 02/03/2015 06:58, Ikonta a écrit : AFAIR in 2004 openssl switched to UTF8 as default bitmask in certificate. But ANSI extension's of utf8 support is still incomplete: $ openssl x509 -text -in localhost-server.crt Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, L=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache, CN=\xD1\x82\xD0\xB5\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD1\x8B\xD0\xB9 \xD0\xA6\xD0\x90/emailAddress=root@localhost Validity Not Before: Feb 6 08:28:23 2015 GMT Not After : Sep 15 08:28:23 2020 GMT Subject: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache web server, CN=localhost/emailAddress=apache@localhost … (not attaching exanple certificate file because mail list seems to reject such letters) displays utf8 symbol codes instead of expected human-readably letters (in this case — cyrillic), shown after import this certificate into browser's profile. Probably adding -utf8 option for x509 command should fix this particular issue. P.S. I use =dev-libs/openssl-1.0.1k amd64 build on Gentoo GNU/Linux. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] openssl x509 -text incorrectly displays non-latin (non-ansi) symbols (missed '-utf8 option?)
Bonjour, Probably an openssl-users question. Use openssl x509 -text -in localhost-server.crt -nameopt oneline,utf8,-esc_msb Your terminal must be able to display UTF8 sequences. I sometimes add the show_type nameopt option, to check things. -- Erwann ABALEA Le 02/03/2015 06:58, Ikonta a écrit : AFAIR in 2004 openssl switched to UTF8 as default bitmask in certificate. But ANSI extension's of utf8 support is still incomplete: $ openssl x509 -text -in localhost-server.crt Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, L=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache, CN=\xD1\x82\xD0\xB5\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD1\x8B\xD0\xB9 \xD0\xA6\xD0\x90/emailAddress=root@localhost Validity Not Before: Feb 6 08:28:23 2015 GMT Not After : Sep 15 08:28:23 2020 GMT Subject: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache web server, CN=localhost/emailAddress=apache@localhost … (not attaching exanple certificate file because mail list seems to reject such letters) displays utf8 symbol codes instead of expected human-readably letters (in this case — cyrillic), shown after import this certificate into browser's profile. Probably adding -utf8 option for x509 command should fix this particular issue. P.S. I use =dev-libs/openssl-1.0.1k amd64 build on Gentoo GNU/Linux. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] openssl x509 -text incorrectly displays non-latin (non-ansi) symbols (missed '-utf8 option?)
AFAIR in 2004 openssl switched to UTF8 as default bitmask in certificate. But ANSI extension's of utf8 support is still incomplete: $ openssl x509 -text -in localhost-server.crt Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, L=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache, CN=\xD1\x82\xD0\xB5\xD1\x81\xD1\x82\xD0\xBE\xD0\xB2\xD1\x8B\xD0\xB9 \xD0\xA6\xD0\x90/emailAddress=root@localhost Validity Not Before: Feb 6 08:28:23 2015 GMT Not After : Sep 15 08:28:23 2020 GMT Subject: C=RU, ST=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, O=\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82, OU=Apache web server, CN=localhost/emailAddress=apache@localhost … (not attaching exanple certificate file because mail list seems to reject such letters) displays utf8 symbol codes instead of expected human-readably letters (in this case — cyrillic), shown after import this certificate into browser's profile. Probably adding -utf8 option for x509 command should fix this particular issue. P.S. I use =dev-libs/openssl-1.0.1k amd64 build on Gentoo GNU/Linux. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: -utf8 option
On 02-03-26 12:09:59 CET, Robert Joop wrote: On 02-03-25 18:03:56 CET, Stephen Sprunk wrote: Here's the more interesting question: why do we have a switch for UTF-8 encoding, instead of determining it from the user's locale? what is the canonical way to detect this? following up to myself... one can find a number of recipes here: http://www.cl.cam.ac.uk/~mgk25/unicode.html#activate the -utf8 should be left there anyway as an additional option, because some systems don't have proper locale software? while this is quite elegant: #include locale.h #include langinfo.h main() { setlocale (LC_CTYPE, ); printf (cs=%s\n, nl_langinfo (CODESET)); } it doesn't work on freeBSD (it lacks nl_langinfo()). rj __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: -utf8 option
At 01:14 PM 3/26/02 +0100, you wrote: On 02-03-26 12:09:59 CET, Robert Joop wrote: On 02-03-25 18:03:56 CET, Stephen Sprunk wrote: Here's the more interesting question: why do we have a switch for UTF-8 encoding, instead of determining it from the user's locale? what is the canonical way to detect this? Have you guys forgotten that the client and server are on different ends of the wire? Which end of the wire is going to use the certificate? Which end of the wire is creating the certificate? The switch has to be there to allow creation of certificates, etc for use other than on the local system. following up to myself... one can find a number of recipes here: http://www.cl.cam.ac.uk/~mgk25/unicode.html#activate the -utf8 should be left there anyway as an additional option, because some systems don't have proper locale software? while this is quite elegant: #include locale.h #include langinfo.h main() { setlocale (LC_CTYPE, ); printf (cs=%s\n, nl_langinfo (CODESET)); } it doesn't work on freeBSD (it lacks nl_langinfo()). rj __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: -utf8 option
On 02-03-26 15:01:37 CET, George Rogers wrote: Have you guys forgotten that the client and server are on different ends of the wire? Which end of the wire is going to use the certificate? Which end of the wire is creating the certificate? The switch has to be there to allow creation of certificates, etc for use other than on the local system. this is command line usage, no client-server relationship. it's about printing the certificate contents to the parent process' stdout, or getting the certificate contents from the parent process' stdin, resp. (openssl x509, spkac, req, etc...) rj __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
-utf8 option
the explanation of the -utf8 option doesn't make sense, does it? quote src=http://www.openssl.org/docs/apps/req.html; -utf8 this option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings. quote ASCII is a proper subset of UTF-8, rendering the -utf8 totally superfluous? i guess what is meant is ISO 8859-1 instead of ASCII? (ISO 8859-1 and UTF-8 are conflicting encodings, whereas ASCII and UTF-8 are not.) rj __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: -utf8 option
Thus spake Robert Joop: the explanation of the -utf8 option doesn't make sense, does it? quote src=http://www.openssl.org/docs/apps/req.html; -utf8 this option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a terminal or obtained from a configuration file, must be valid UTF8 strings. quote ASCII is a proper subset of UTF-8, rendering the -utf8 totally superfluous? i guess what is meant is ISO 8859-1 instead of ASCII? I think the document means 8-bit characters in an unspecified code page instead of ASCII; however, there's no short term for that. (ISO 8859-1 and UTF-8 are conflicting encodings, whereas ASCII and UTF-8 are not.) Here's the more interesting question: why do we have a switch for UTF-8 encoding, instead of determining it from the user's locale? S -- Stephen Sprunk So long as they don't get violent, I want to CCIE #3723 let everyone say what they wish, for I myself have K5SSSalways said exactly what pleased me. --Albert Einstein __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]