> > But OpenSSL doesn't see it as PrintableStrings but as V_ASN1_T61STRING. > And that's what make the decryption fail. I think I really misunderstand you > because what I observe is the opposite of what you're explaining.
In latin there were no accents as fae as I remember :-) Anyway: Although there exist a number of equivalences defined for DNs I think it is difficult to define something that allows a matching of code point 15/8 which is e-grave in ISO-LATIN-1 bit L-stroke in a correct T61 with something that does not exist in printable string. One might even consider to add a rule to openssl to make all comparisons of a printable string containg an illegal char fail against anything, even against itself. Is the software in question using some textual representation of a DN extracted from the cert and then reencoding it in the recipient data structure? As far as I remember PKIX texts e.g. RFC 3280 tell about name equivalences tell that you risk failures if you assume anything else than exact match. PS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
