On 2007.12.19 at 11:40:32 -0600, William A. Rowe, Jr. wrote:
> Victor Wagner wrote:
> >On 2007.12.19 at 10:10:54 +0100, Yann wrote:
> >
> >>The changes regarding X509V3_EXT_print() seems more problematic since the
> >>extensions values are used in string
> >>comparison (strcmp and likes), hence the "human readable version", and
> >>the
> >
> >I hope that saying "human readable" you mean utf-8?
> >I'd say that "\x04\x14\x04<[EMAIL PROTECTED]
> >49\x00 \x04\x11\x045\x04" hardly means "human readable"
>
> Uhm - I hope you don't have such patterns in utf-8 strings.

This pattern is a perfectly readable Russian name from a certificate CN, which was printed out this way by the now-deprecated X509_NAME_oneline function. You see - just escape sequences instead of readable Cyrillic.

X509_NAME_oneline always has the ASN1_STRFLGS_ESC_MSB flag turned on (and doesn't allow other flags to be specified). This flag is still on by default in the non-deprecated functions.

The problem is that ASN.1 has different types of strings. In this case the name was encoded as BMPString rather than UTF8String. And X509_NAME_oneline doesn't do CONVERSION to UTF-8.

The more recent ASN1_STRING_print_ex function, which is applicable to extensions as well as to the common name, supports internal conversion to UTF-8. It's important not to forget ASN1_STRFLGS_UTF8_CONVERT. The manual page for ASN1_STRING_print_ex recommends the (ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB) flag combination for proper handling of non-Latin characters.

It is worth noting that the result would be UTF-8. OpenSSL wouldn't convert strings to the system default locale. But typically all modern OSes can handle UTF-8, and some of them even use UTF-8-based locales as their default locale (i.e. all recent Linux distributions).
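
An added illustration of the effect described in the message above, not code from the thread or from OpenSSL: the same BMPString content bytes, first escaped byte by byte (which gives the `\x04...` pattern quoted earlier), then converted to UTF-8 before output. The function names `escape_raw` and `bmp_to_utf8` and the sample name are constructed for this example, and the escaping rule is modelled on the quoted output.

```c
#include <stdio.h>
#include <string.h>

/* Byte-wise escaping modelled on the output quoted in the message: bytes
 * outside ' '..'~' become \xXX. Returns length, or -1 if out is too small. */
int escape_raw(const unsigned char *in, size_t len, char *out, size_t cap)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        int printable = in[i] >= ' ' && in[i] <= '~';
        if (o + (printable ? 1u : 4u) + 1 > cap) return -1;
        if (printable) out[o++] = (char)in[i];
        else { snprintf(out + o, 5, "\\x%02X", (unsigned)in[i]); o += 4; }
    }
    out[o] = '\0';
    return (int)o;
}

/* Decode BMPString content (2 bytes per character, big-endian) to UTF-8.
 * Returns bytes written, or -1 on odd length, surrogate, or small buffer. */
int bmp_to_utf8(const unsigned char *in, size_t len, char *out, size_t cap)
{
    size_t o = 0;
    if (len % 2 != 0 || cap == 0) return -1;
    for (size_t i = 0; i < len; i += 2) {
        unsigned cp = ((unsigned)in[i] << 8) | in[i + 1];
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : 3;
        if (cp >= 0xD800 && cp <= 0xDFFF) return -1;
        if (o + need + 1 > cap) return -1;
        if (need == 3) out[o++] = (char)(0xE0 | (cp >> 12));
        if (need == 2) out[o++] = (char)(0xC0 | (cp >> 6));
        if (need == 3) out[o++] = (char)(0x80 | ((cp >> 6) & 0x3F));
        out[o++] = (char)(need == 1 ? cp : 0x80 | (cp & 0x3F));
    }
    out[o] = '\0';
    return (int)o;
}

/* Constructed sample: the name "Иван" as BMPString content bytes. */
static const unsigned char SAMPLE[] = {0x04,0x18, 0x04,0x32, 0x04,0x30, 0x04,0x3D};
int main(void)
{
    char esc[64], utf8[64];
    if (escape_raw(SAMPLE, sizeof SAMPLE, esc, sizeof esc) < 0) return 1;
    if (bmp_to_utf8(SAMPLE, sizeof SAMPLE, utf8, sizeof utf8) < 0) return 1;
    printf("bytes escaped one by one: %s\nconverted to UTF-8: %s\n", esc, utf8);
    return 0;
}
```

The low byte of a Cyrillic code unit often falls in the printable ASCII range, which is why literal characters such as `2`, `0` and `=` appear between the `\x04` escapes.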
