Hi,
we had a similar problem with german umlauts in the requests.
It seems that the text signed within the browser is encoded as Latin1 whereas
the text used by OpenCA to verify the signature ist encoded as utf8.
We fixed this by changing OpenCA/lib/cmds/approveCSR near line 72:
...
my $l1text;
{
use Unicode::String qw(latin1 utf8);
$l1text = new Unicode::String($text);
$l1text = $l1text->latin1();
}
if( not $item = new OpenCA::REQ ( SHELL => $cryptoShell,
GETTEXT => \&i18nGettext,
INFORM => $inform,
DATA => $l1text )) {
...
Although this workaround solved the problem I am not sure which consequences
this has for the encoding of the requests and certificates.
Regards
Johannes Derek
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Pablo Navas
> Sent: Friday, December 02, 2005 7:19 PM
> To: [email protected]
> Subject: [Openca-Users] Sign problems when we have extrange
> characters on certificate.
>
>
> Hi again,
>
> Sorry for the other mail in Spanish.
>
> We have been trying to find out what the problem could be
> when we tried
> to sign an Approve Request on the RA. However we still get that 6206
> error, more exactly we get the 7911031error. The strange thing is
> whether I send the certificate without signing it to the CA (Approve
> Request without Signing) and y sign it in the CA, the certificate is
> generated well.
>
> The problem only stays in certificates with weird characters (for
> instance áéíóúñÑü...). If those characters don't appear in the Approve
> Request on RA it works correctly.
>
> We're using OpenCA 0.9.2.4++ with complete support for utf8 on Debian
> Linux Testing (openssl 0.9.8a). We've done additional tests such as
> changing the database characters set to different kinds of utf8,
> although we didn't success either. We've done tests with
> different ways
> to access the database (DBI and DB) too.
>
> Furthermore, you can't see anything wrong inside the error file
> (/usr/local/openca/openca/var/log/stderr.log)
>
> The worst of it all is that due to the structure of the source code we
> don't know exactly where we can try to find the origin of the trouble,
> and what's more, we believe that it could be caused by some executable
> and/or class which use openssl 0.9.7. We've been searching on the
> Internet about this and we've found quite similar problems refering to
> the program openca-sv, but our program has covered all the
> dependencies
> in the 0.9.8a. version.
>
> In conclusion, when you sign an approve request on the RA with a
> certificate with strange characters (supported by utf8), the sign
> doesn't work and you get the error we said before. If the
> certificate is
> exported without signing, the sign in the CA works perfectly. In other
> words, we think the problem may be in the OpenCA::PKCS7 class although
> it's not the one which is pointed to by the error.
>
> If anyone could tell us anything about what we can do or have
> a look at,
> we would be really grateful.
>
> Thank you very much.
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep
> through log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web.
> DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_idv37&alloc_id�865&op=ick
> _______________________________________________
> Openca-Users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openca-users
>
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id�865&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
