On Mon, Nov 17, 2003 at 07:34:46PM +0100, Dr. Stephen Henson wrote:
> On Mon, Nov 17, 2003, Alex Marandon wrote:
[...]
> > With messages produced by openssl itself or, for example, Outlook
> > Express, X509_NAME_ENTRY's are viewed by OpenSSL as being of the
> > V_ASN1_PRINTABLESTRING type, even if they have latin characters.  But
> > with the particular application I'm dealing with, entries with
> > latin characters are viewed as being of the V_ASN1_T61STRING type by
> > OpenSSL. Consequently, X509_NAME_cmp()'s type comparison fails, because
> > openssl finds V_ASN1_PRINTABLESTRING in the local certificate and
> > V_ASN1_T61STRING in the provided message.
[...]

Hello,

I'm afraid I'm lacking some knowledge to understand your answer well.
I ask more questions to understand better.

> X509_NAME_cmp() doesn't have anything to do with the message content as such;
> it's associated with the certificate matching code which finds the appropriate
> recipient certificate.

Ok.

> The PrintableString type does *not* permit latin characters; in fact it has a
> very limited character range (excluding characters such as '@'). OpenSSL
> should never produce latin characters in PrintableStrings 

Hum...does it mean that it's forbidden to have latin characters in
subjectName ?

However, certificates produced by OpenSSL can have latin characters in
their subject name, and when loaded in X509_NAME structures, entries
with latin characters are seen as PrintableString. I think I'm missing
something here.

> I'd say from the example that the certificate and/or of the third party
> software is broken if it produces latin characters in PrintableStrings.

But OpenSSL doesn't see it as PrintableStrings but as V_ASN1_T61STRING.
And that's what makes the decryption fail. I think I really misunderstand you
because what I observe is the opposite of what you're explaining.

> On top of that it looks broken in that it doesn't correctly include the issuer
> name in the PKCS#7 structure. 

Oh...well I don't know how to print the issuer included in a PKCS#7
structure.

> The only really safe way to do this is to copy the Name structure
> verbatim.

Copy it where ?

Thanks for your help.

-- 
Alex Marandon
CLARISYS Informatique
http://clarisys.fr
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
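
An added example, not part of the original message and not OpenSSL code: a small DER walker that reports the ASN.1 string type of each entry in an encoded Name (the PrintableString versus T61String tag this thread is about) and checks PrintableString values against that type's limited alphabet. The helpers `name_entries`, `make_name` and `tlv` and the sample names are constructed for illustration.

```python
import re

STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString",
               0x14: "T61String", 0x16: "IA5String", 0x1E: "BMPString"}
# PrintableString alphabet: letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE = re.compile(rb"[A-Za-z0-9 '()+,\-./:=?]*")

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value_bytes) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def name_entries(der_name):
    """Yield (oid_hex, type_name, raw_value, charset_ok) per attribute of a Name."""
    tag, rdns, _ = read_tlv(der_name, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    for _, rdn in children(rdns):      # each RDN is a SET
        for _, atv in children(rdn):   # each AttributeTypeAndValue is a SEQUENCE
            (_, oid), (t_val, val) = list(children(atv))[:2]
            kind = STRING_TAGS.get(t_val, "tag 0x%02x" % t_val)
            ok = bool(PRINTABLE.fullmatch(val)) if t_val == 0x13 else True
            yield oid.hex(), kind, val, ok

def tlv(tag, value):                   # short-form length only (sample data < 128 bytes)
    return bytes([tag, len(value)]) + value

def make_name(cn_tag, cn_bytes):       # constructed sample: a Name holding a single CN
    cn_oid = tlv(0x06, bytes.fromhex("550403"))   # 2.5.4.3 commonName
    return tlv(0x30, tlv(0x31, tlv(0x30, cn_oid + tlv(cn_tag, cn_bytes))))

if __name__ == "__main__":
    for label, der in [("printable", make_name(0x13, b"Andre")),
                       ("t61", make_name(0x14, b"Andr\xe9")),
                       ("bad printable", make_name(0x13, b"Andr\xe9"))]:
        print(label, list(name_entries(der)))
```
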
