Some historical anecdotes: T.61 was proposed in 93. Utf8 later the same year. utf8 was recommended from 94. 2004 OpenSSL caught up with the recommendation, and decided to go against it to be compatible with Netscape Navigator. Which at that time had a massive 2% of the market. 2005 The behaviour of the openssl binaries were "fixed" by changing the config file. 2014 the default still hasn't been changed, 20 years after the original deprecation of T.61 in x509 standards. I love the speed with which this evolves.
Thanks for fixing this, it's very appreciated, even if I have to keep hacking around the behaviour in openssl for the next decade as well. //D.S. On Sat, May 31, 2014 at 10:17 PM, Bob Beck <[email protected]> wrote: > > Done. Thanks for the giggle. I needed it today. > > -Bob > > > On Sat, May 31, 2014 at 07:20:56PM +0200, D. Spindel wrote: >> a short plea from someone who just had to dig through OpenSSL code and >> figuring out why I was getting T.61 strings instead of UTF8Strings. >> >> Would you _please_ and kindly change the default of global_mask in >> crypto/asn1/a_strnid.c from 0xFFFFFFFFL to B_ASN1_UTF8STRING >> >> OpenSSL upstream has had the mask set to utf8only in the config file >> since 2005, but kept the default to the code. This makes OpenSSL by >> default non-compatible with RFC5280, and is generally a headache to >> work with. >> >> >> Kind regards, >> D.S. >> - who just spent hours chasing that behaviour down in OpenSSL. >>
