Hello, Michael,
Oops! You are right. But it looked so much like it was
calling openssl...
As X509_NAME_oneline() is called from files:
openca-0.9/src/ocspd/src/db.c
openca-0.9/src/openca-sv/src/callback.c
openca-0.9/src/scep/src/scep.c
openca-0.9/src/scep/src/scep_bio.c
maybe it is necessary to make similar changes there too?
It looks like it is necessary to make an additional change to
the file openca-0.9/src/openca-sv/src/callback.c:
Old code:
int cb(int ok, X509_STORE_CTX *ctx)
{
    ......
    X509_NAME_print_ex (bio_out, X509_get_subject_name (ctx->current_cert), 0,
                        XN_FLAG_RFC2253);
    ......
}
New code:
int cb(int ok, X509_STORE_CTX *ctx)
{
    ......
    X509_NAME_print_ex (bio_out, X509_get_subject_name (ctx->current_cert), 0,
                        XN_FLAG_RFC2253&(~ASN1_STRFLGS_ESC_MSB));
    ......
}
Including
#include <openssl/asn1.h>
#include <openssl/x509.h>
may be needed everywhere too.
Regards, Julia.
----- Original Message -----
From: "Michael Bell" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, September 05, 2005 1:11 PM
Subject: Re: [OpenCA-Devel] UTF8 related bug in "openssl verify"
> Julia Dubenskaya wrote:
>
> > I have just submitted a patch (bug #1279552)
> >
> > http://sourceforge.net/tracker/index.php?func=detail&aid=1279552&group_id=20873&atid=120873
>
> > It is a consequence of a bug in "openssl verify", which always transforms
> > utf8 strings into quoted printable form when shown on the screen.
>
> We don't use "openssl verify". We have our own program called openca-sv
> which does this job. So perhaps we should fix our own program instead of
> working around the problem. Can you describe more exactly what the
> problem is? It sounds like openca-sv prints a subject but with the wrong
> flags. See openca-0.9/src/openca-sv/src/callback.c. It looks like we use
> X509_NAME_oneline. X509_NAME_print_ex should be used instead.
>
> The following is only an untested idea:
>
> old code:
>
> X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
> if( verbose ) {
>     if( (!chainVerify) || (verify_depth >= depth)) {
>         BIO_printf(bio_out,"depth:%d serial:",depth);
>         i2a_ASN1_INTEGER( bio_out, X509_get_serialNumber(err_cert) );
>         BIO_printf(bio_out," subject:%s\n",buf);
>     }
> }
>
> new code:
>
> if( verbose ) {
>     if( (!chainVerify) || (verify_depth >= depth)) {
>         BIO_printf(bio_out,"depth:%d serial:",depth);
>         i2a_ASN1_INTEGER( bio_out, X509_get_serialNumber(err_cert) );
>         BIO_printf(bio_out," subject:");
>         X509_NAME_print_ex (bio_out, X509_get_subject_name(err_cert),
>                             0,
>                             XN_FLAG_RFC2253&(~ASN1_STRFLGS_ESC_MSB));
>         BIO_printf(bio_out, "\n");
>     }
> }
>
> What do you think about this idea?
>
> Michael
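
Added example, not part of the original messages and not OpenCA or OpenSSL code: a self-contained C model of the byte escaping that the two flag masks discussed in this thread select. print_value, ESC_CTRL, ESC_MSB, RFC2253_LIKE and the sample value are constructed for illustration; the model assumes the value is already UTF-8 and covers only the \XX escaping of control and high-bit bytes.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins named after OpenSSL's ASN1_STRFLGS_ESC_CTRL (2) and
 * ASN1_STRFLGS_ESC_MSB (4). This is a model; it does not call OpenSSL. */
#define ESC_CTRL 2u
#define ESC_MSB  4u
#define RFC2253_LIKE (ESC_CTRL | ESC_MSB)

/* Constructed sample: four Cyrillic letters in UTF-8, then an embedded
 * newline followed by text that imitates a second output field. */
static const char SAMPLE[] =
    "\xD0\xA2\xD0\xB5\xD1\x81\xD1\x82\nsubject:x";

/* Copy the UTF-8 string `in` to `out`, writing a byte as \XX when `flags`
 * selects its class. Returns the output length, or -1 if `out` is too small. */
static int print_value(const char *in, unsigned flags, char *out, size_t cap)
{
    size_t n = 0;
    if (cap == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        int ctrl = (*p < 0x20 || *p == 0x7f);
        int msb = (*p > 0x7f);
        if ((ctrl && (flags & ESC_CTRL)) || (msb && (flags & ESC_MSB))) {
            if (n + 4 > cap)            /* 3 characters plus the NUL */
                return -1;
            n += (size_t)snprintf(out + n, cap - n, "\\%02X", (unsigned)*p);
        } else {
            if (n + 2 > cap)            /* 1 byte plus the NUL */
                return -1;
            out[n++] = (char)*p;
        }
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[128];
    /* Full mask: every non-ASCII byte is escaped, the name is unreadable. */
    if (print_value(SAMPLE, RFC2253_LIKE, buf, sizeof buf) >= 0)
        printf("with ESC_MSB:    %s\n", buf);
    /* Mask from the thread: UTF-8 passes through, the newline stays escaped. */
    if (print_value(SAMPLE, RFC2253_LIKE & ~ESC_MSB, buf, sizeof buf) >= 0)
        printf("without ESC_MSB: %s\n", buf);
    return 0;
}
```

In OpenSSL, XN_FLAG_RFC2253 also includes ASN1_STRFLGS_ESC_CTRL, so the mask used in the thread keeps control-character escaping while letting UTF-8 bytes through.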