Re: Annoying Garbage characters in OIDs

Johnny Gonzalez Wed, 03 Aug 2005 06:31:22 -0700

Hello Steve,

 --- "Dr. Stephen Henson" <[EMAIL PROTECTED]>
escribió:


> On Wed, Aug 03, 2005, Johnny Gonzalez wrote:
> 
> > 
> > 
> > I'm sending you the certificate I'm testing on my
> > machine, but I will change the extension to .txt
> so
> > there won't be any problem sending the file.
> > 
> 
> I get the same too.
> 
> How are you entering data in these extra fields? It
> looks like whatever is
> doing it is feeding in the encoded version rather
> than its actual value. The
> result is that OpenSSL is trying to encode a
> PrintableString within a
> T61String.
> 
I'm creating the request throught this command. Nothe
that I'm using 0.9.8 I thought this could solve the
problem.

bin/openssl req -new -utf8 -config openssl.cnf -out
NewReqOIDs4UTF8LatinChars.pem

I also tryed it without the -utf8 option, but results
are the same.

Then the console asks me for the values:


Generating a 1024 bit RSA private key
.............................................................++++++
..........................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that
will be incorporated
into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some
blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CO]:
State or Province Name (full name) [Cundinamarca]:
Locality Name (eg, city) [Bogota]:
Organization Name (eg, company) [Ubiquando]:
Organizational Unit Name (eg, section) [Internet]:
Common Name (eg, YOUR name) []:johnny gonzalez
Email Address []:[EMAIL PROTECTED]
Nit []:800123456
Cedula []:79982276
Direccion []:cra 20Bis # 159A-17 apto 101

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


In all fields I leave the default values I set, I only
give new values for: Common Name, Email Address, Nit
(1st new OID) , Cedula (2nd new OID) and Direccion
(last new OID)


If I run the asn1parse command I got:
   0:d=0  hl=4 l= 581 cons: SEQUENCE
    4:d=1  hl=4 l= 430 cons: SEQUENCE
    8:d=2  hl=2 l=   1 prim: INTEGER           :00
   11:d=2  hl=4 l= 259 cons: SEQUENCE
   15:d=3  hl=2 l=  11 cons: SET
   17:d=4  hl=2 l=   9 cons: SEQUENCE
   19:d=5  hl=2 l=   3 prim: OBJECT           
:countryName
   24:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :CO
   28:d=3  hl=2 l=  21 cons: SET
   30:d=4  hl=2 l=  19 cons: SEQUENCE
   32:d=5  hl=2 l=   3 prim: OBJECT           
:stateOrProvinceName
   37:d=5  hl=2 l=  12 prim: PRINTABLESTRING  
:Cundinamarca
   51:d=3  hl=2 l=  15 cons: SET
   53:d=4  hl=2 l=  13 cons: SEQUENCE
   55:d=5  hl=2 l=   3 prim: OBJECT           
:localityName
   60:d=5  hl=2 l=   6 prim: PRINTABLESTRING   :Bogota
   68:d=3  hl=2 l=  18 cons: SET
   70:d=4  hl=2 l=  16 cons: SEQUENCE
   72:d=5  hl=2 l=   3 prim: OBJECT           
:organizationName
   77:d=5  hl=2 l=   9 prim: PRINTABLESTRING  
:Ubiquando
   88:d=3  hl=2 l=  17 cons: SET
   90:d=4  hl=2 l=  15 cons: SEQUENCE
   92:d=5  hl=2 l=   3 prim: OBJECT           
:organizationalUnitName
   97:d=5  hl=2 l=   8 prim: PRINTABLESTRING  
:Internet
  107:d=3  hl=2 l=  24 cons: SET
  109:d=4  hl=2 l=  22 cons: SEQUENCE
  111:d=5  hl=2 l=   3 prim: OBJECT           
:commonName
  116:d=5  hl=2 l=  15 prim: PRINTABLESTRING   :johnny
gonzalez
  133:d=3  hl=2 l=  47 cons: SET
  135:d=4  hl=2 l=  45 cons: SEQUENCE
  137:d=5  hl=2 l=   9 prim: OBJECT           
:emailAddress
  148:d=5  hl=2 l=  32 prim: IA5STRING        
:[EMAIL PROTECTED]
  182:d=3  hl=2 l=  25 cons: SET
  184:d=4  hl=2 l=  23 cons: SEQUENCE
  186:d=5  hl=2 l=  10 prim: OBJECT           
:1.3.6.1.4.1.4710.1.3.2
  198:d=5  hl=2 l=   9 prim: PRINTABLESTRING  
:800123456
  209:d=3  hl=2 l=  24 cons: SET
  211:d=4  hl=2 l=  22 cons: SEQUENCE
  213:d=5  hl=2 l=  10 prim: OBJECT           
:1.3.6.1.4.1.4710.1.3.1
  225:d=5  hl=2 l=   8 prim: PRINTABLESTRING  
:79982276
  235:d=3  hl=2 l=  37 cons: SET
  237:d=4  hl=2 l=  35 cons: SEQUENCE
  239:d=5  hl=2 l=   3 prim: OBJECT           
:streetAddress
  244:d=5  hl=2 l=  28 prim: T61STRING         :cra
20Bis # 159A-17 apto 101
  274:d=2  hl=3 l= 159 cons: SEQUENCE
  277:d=3  hl=2 l=  13 cons: SEQUENCE
  279:d=4  hl=2 l=   9 prim: OBJECT           
:rsaEncryption
  290:d=4  hl=2 l=   0 prim: NULL
  292:d=3  hl=3 l= 141 prim: BIT STRING
  436:d=2  hl=2 l=   0 cons: cont [ 0 ]
  438:d=1  hl=2 l=  13 cons: SEQUENCE
  440:d=2  hl=2 l=   9 prim: OBJECT           
:sha1WithRSAEncryption
  451:d=2  hl=2 l=   0 prim: NULL
  453:d=1  hl=3 l= 129 prim: BIT STRING


So this seems to be ok. Then I process the requests
with OpenCA, configured to use OpenSSL-0.9.8. Could
this be a problem in OpenCA? What do you think the
problem could be in OpenCA?


Attached there is the request.

Thanks a lot,
Johnny




> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys:
> see homepage
> OpenSSL project core developer and freelance
> consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                   
> openssl-users@openssl.org
> Automated List Manager                          
> [EMAIL PROTECTED]
> 


                
______________________________________________ 
Renovamos el Correo Yahoo! 
Nuevos servicios, más seguridad 
http://correo.yahoo.es

NewReqOIDs4UTF8LatinChars.pem
Description: 3890832345-NewReqOIDs4UTF8LatinChars.pem

Re: Annoying Garbage characters in OIDs

Reply via email to