On Tue, Oct 09, 2012, Juan Angel Martin Gomez [AC Camerfirma] wrote: > Hello, > > > > Im trying to make a CSR with a CN that has more than 64 chars > > > > I know that the upper bound is 64 chars, but I can see in the RFC 5280 this > note: > > > > -- Note - upper bounds on string types, such as TeletexString, are > > -- measured in characters. Excepting PrintableString or IA5String, a > > -- significantly greater number of octets will be required to hold > > -- such a value. As a minimum, 16 octets, or twice the specified > > -- upper bound, whichever is the larger, should be allowed for > > -- TeletexString. For UTF8String or UniversalString at least four > > -- times the upper bound should be allowed. > > > > I used in the config file string_mask = utf8only, but I get the error again: > > > > 2072:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too > long:.\crypto\asn1\a_mbstr.c:154:maxsize=64 > > > > > > Can you help me? >
Changing this requires source modification. In the file crypto/asn1/a_strnid.c there is a table with NID_commonName in it and a value of ub_common_name (set to 64) against it. If you change that value it will permit larger values. I'd regard the current behaviour as a bug: it should handle multi-byte characters properly. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
