Julia Dubenskaya wrote:
I have just submitted a patch (bug #1279552)http://sourceforge.net/tracker/index.php?func=detail&aid=1279552&group_id=20873&atid=120873
It is a consequence of a bug in "openssl verify", which always transforms utf8 strings into quoted printable form when shown on the screen.
We don't use "openssl verify". There is an own program called openca-sv which does this job. So perhaps we should fix our own program instead of working around the problem. Can you describe more exactly what does the problem be? It sounds like openca-sv prints a subject but with the wrong flags. See openca-0.9/src/openca-sv/src/callback.c. It looks like we use X509_NAME_oneline. X509_NAME_print_ex should be used instead.
The following is only an untested idea:
old code:
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
if( verbose ) {
if( (!chainVerify) || (verify_depth >= depth)) {
BIO_printf(bio_out,"depth:%d serial:",depth);
i2a_ASN1_INTEGER( bio_out, X509_get_serialNumber(err_cert) );
BIO_printf(bio_out," subject:%s\n",buf);
}
}
new code:
if( verbose ) {
if( (!chainVerify) || (verify_depth >= depth)) {
BIO_printf(bio_out,"depth:%d serial:",depth);
i2a_ASN1_INTEGER( bio_out, X509_get_serialNumber(err_cert) );
BIO_printf(bio_out," subject:");
X509_NAME_print_ex (bio_out, X509_get_subject_name(err_cert),
0,
XN_FLAG_RFC2253&(~ASN1_STRFLGS_ESC_MSB));
BIO_printf(bio_out, "\n");
}
}
What do you think about this idea?
Michael
--
_______________________________________________________________
Michael Bell Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice
Fax: +49 (0)30-2093 2704 Unter den Linden 6
[EMAIL PROTECTED] D-10099 Berlin
_______________________________________________________________
smime.p7s
Description: S/MIME Cryptographic Signature
