James Darwin wrote:
>
> Hi,
>
> I was under the impression that OpenSSL was multibyte aware? Can someone
> please confirm this?
>
It only partially supports multibyte characters at present. It will
parse them but not print them out properly: this is because of the
difficulty of printing on all platforms and bugs in their
implementations.
The other reason is that Netscape dies horribly in the presence of
BMPStrings and they say they wont fix this in a hurry: complain to
Netscape if you don't like this- I did. If OpenSSL obeyed RFC2459 then
such strings as "R & D" would crash Netscape but MS stuff would tolerate
them. Imagine the effect of signing with that in a newsgroup!
I think the best short term thing to do is to support various "profiles"
which either do the current thing (which is wrong) or the RFC2459
variants.
I can't do anything with the attached PKCS#12 file because it can't be
decrypted without the password.
Anyway there is a bug in the handling of certificates: it will tolerate
a BMPString but not a UTF8String. To fix this at around line 340 in
asn1.h there's a macro M_d2i_ASN1_PRINTABLE which contains a set of
types it will tolerate or'ed together. Add B_ASN1_UTF8STRING to them and
see if it works.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
