On Wed, Oct 10, 2012, Dr. Stephen Henson wrote: > On Tue, Oct 09, 2012, Juan Angel Martin Gomez [AC Camerfirma] wrote: > > > Hello, > > > > > > > > Im trying to make a CSR with a CN that has more than 64 chars > > > > > > > > I know that the upper bound is 64 chars, but I can see in the RFC 5280 this > > note: > > > > > > > > -- Note - upper bounds on string types, such as TeletexString, are > > > > -- measured in characters. Excepting PrintableString or IA5String, a > > > > -- significantly greater number of octets will be required to hold > > > > -- such a value. As a minimum, 16 octets, or twice the specified > > > > -- upper bound, whichever is the larger, should be allowed for > > > > -- TeletexString. For UTF8String or UniversalString at least four > > > > -- times the upper bound should be allowed. > > > > I used in the config file string_mask = utf8only, but I get the error again: > > > > 2072:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too > > long:.\crypto\asn1\a_mbstr.c:154:maxsize=64 > > > > > > Can you help me? > > > > Changing this requires source modification. In the file crypto/asn1/a_strnid.c > there is a table with NID_commonName in it and a value of ub_common_name (set > to 64) against it. If you change that value it will permit larger values. > > I'd regard the current behaviour as a bug: it should handle multi-byte > characters properly. >
Actually looking at the code it does handle multi byte characters properly. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
