Thanks for the tip. I investigated it little bit and in general both ways you suggested work. The only glitch is that this doesn't work if I use non-ASCII characters in name. This is problem because certificates here in Czech usually contain first and last name inside certificate subject and there are almost always some characters with accents.
Yeah, xmlsec utility is smart enough to convert command line parameters from code page to utf8 as expected on windows. I'll take a look, should be trivial fix.
So it seems that there is a bug related to processing non-ASCII characters. Also if I ask for certificate subject and issuer in a signature template and these fields contain non-ASCII characters, I get the following error from xmlsec: output error : invalid character value output error : string is not in UTF-8
This is not a bug. By default, all data in XML file are expected to be in UTF8 encoding. If you use different encoding, then you need to specify the encoding you use in XML prolog.
Should I record this in the Bugzilla or is it sufficient to report it here? As a workaround I have tried to escape accented characters, i.e. use: serialNumber=P111870,CN=Ing. Ji\C5\99\C3\AD Kosek,OU=1,O=Ing. Ji\C5\99\C3\AD Kosek [I\C4\8C 71612998],C=CZ instead of SERIALNUMBER=P111870,CN=Ing. Jiří Kosek,OU=1,O=Ing. Jiří Kosek [IČ 71612998],C=CZ
Good workaround!
I don't know whether this escaping is syntactically correct from X.509 point of view, but I have seen it in output of message signed with openssl provider. Anyway this has not been working. But working solution is to set "friendly name" to use non-ASCII characters. This is a small burden to user, but it works for now. Many thanks for this tip.
I believe you should be able to make it work through template by either converting names to utf8 or specifying encoding for the xml file. I'll also take a look at command line parameters conversion :) Aleksey _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
