On 02.01.2011 01:04, Stefan Fritsch wrote: > This will still treat non character string types (such as OCTET > STRING) incorrectly, but I think we can ignore that problem. Or do you > think we should add ASN1_STRFLGS_DUMP_UNKNOWN | ASN1_STRFLGS_DUMP_DER, > too?
I wouldn't recommend to add these, no. First, non-STRING types are clearly out of scope for those 13 DN attributes which mod_ssl supports. Second, "dumping" the non-character strings would mean that everything would always be rendered in hex - an OCTET STRING with "Snake Oil" would show up as "#536E616B65204F696C" (not really useful for our purposes, IMO). Kaspar