Victor Duchovni <[EMAIL PROTECTED]> writes:

>It took reading the code to determine the following:
>
> - ASN.1 Strings extracted from X.509v3 certs are not validated for
>   conformance with the declared character syntax. Strings of type
>   PrintableString or IA5String may hold non-printable or non-ASCII
>   data.

Just a word in OpenSSL's defence, see the X.509 Style Guide for the reasoning behind this. I don't think any ASN.1-using security toolkit since TIPEM has done character-set checking; it would fail to verify a large chunk of the certs out there (I once had a TIPEM user complain to me that they had to stop using it specifically because it would reject invalid character strings, which encompassed a nontrivial portion of their user base).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
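
Since the toolkit will hand such strings through unchecked, an application that logs or displays them can check them itself. The sketch below is an added example, not part of the original thread and not OpenSSL's or TIPEM's code. It walks a DER structure, reports PrintableString and IA5String values whose bytes fall outside the declared type, and escapes them for display. The names `find_bad_strings`, `safe_display`, `tlv` and the sample Name are constructed for illustration.

```python
import string

# Permitted byte values per universal tag: PrintableString (0x13), IA5String (0x16, 7-bit).
ALLOWED = {
    0x13: frozenset((string.ascii_letters + string.digits + " '()+,-./:=?").encode()),
    0x16: frozenset(range(0x80)),
}

def read_tlv(buf, pos, end):
    """Decode one DER TLV inside buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or multi-byte tag (not handled here)")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value overruns its container")
    return tag, pos, pos + length

def find_bad_strings(buf, start=0, end=None):
    """Return [(tag, raw_value, offending_bytes)] for strings that break their declared type."""
    end = len(buf) if end is None else end
    found, pos = [], start
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos, end)
        if tag & 0x20:                     # constructed (SEQUENCE, SET): recurse
            found += find_bad_strings(buf, vs, ve)
        elif tag in ALLOWED:
            bad = [b for b in buf[vs:ve] if b not in ALLOWED[tag]]
            if bad:
                found.append((tag, buf[vs:ve], bad))
        pos = ve
    return found

def safe_display(raw):
    """Render untrusted string bytes for logs, escaping all but printable ASCII."""
    return "".join(chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}" for b in raw)

def tlv(tag, body):                        # builds the constructed sample (short lengths only)
    return bytes([tag, len(body)]) + body

# Constructed sample Name: the CN and emailAddress values both break their declared types.
SAMPLE_NAME = tlv(0x30,
    tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x13, b"Acme_Corp\x07"))) +
    tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010901")) + tlv(0x16, b"caf\xe9@example.org"))))
```

Whether a hit should reject the certificate or only trigger escaping is a policy choice; as the reply notes, rejecting outright fails on a large share of deployed certificates.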