On Mon Jul 21 20:29:47 2014, v...@v13.gr wrote:
>
> I'm not sure whether this change is needed at all as there's no
> justification
> for it.

The justification is in RFC3280 et al:

"The UTF8String encoding [RFC 2279] is the preferred encoding, and all
certificates issued after December 31, 2003 MUST use the UTF8String
encoding of DirectoryString (except as noted below)."

So in that sense OpenSSL was a bit behind the times. The configuration files
were set to use UTF8 only well before then but not the default in the source.

The bug is in any software which relies on the DirectoryString being a
PrintableString and not in OpenSSL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to