Re: asn1parse genstr question

Dear Viktor,

On Mon, Apr 22, 2019 at 9:23 PM Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
On Sun, Apr 21, 2019 at 06:58:53PM +0300, Dmitry Belyavsky wrote:

> When I use a command
>
> openssl asn1parse -genstr "UTF8String:ф" -out content
>
> I get a 6-byte file. If I understand correctly, it starts with a 2-byte
> header indicating the content length and then contains an encoded letter
> 'ф' I want. But the encoding of it is not UTF8, as the UTF8 encoding of a
> Cyrillic letter is 2 bytes long.
>
> Am I wrong? If the behavior I see is the desired one, how can I convert the
> result of the encoding to UTF8 using the openssl internal API?

By default the input string is assumed to contain single-byte octets,
which are individually encoded as UTF-8.  This is rarely what you
want if your input is not ASCII.  For actual UTF-8 input, you can
use:

    $ openssl asn1parse -out content -genstr 'FORMAT:UTF8,UTF8String:Он врет! Он не знает, КАК НАДО!' # [1]
        0:d=0  hl=2 l=  53 prim: UTF8STRING        :Он врет! Он не знает, КАК НАДО!

The "genstr" format is described in, for example:

    https://www.openssl.org/docs/man1.0.2/man3/ASN1_generate_nconf.html

Thank you very much for your answer and especially for a brilliant example :)

I'm trying to implement RFC 8398 and I am trying to create a valid certificate with an EAI email in otherName.

I expected that a line in the config file

    subjectAltName=otherName:1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8:医生@大学.example.com

would do the trick.
But I get an error:

    140642093051968:error:0D0B20C2:asn1 encoding routines:ASN1_generate_v3:unknown tag:../crypto/asn1/asn1_gen.c:94:
    140642093051968:error:220A4093:X509 V3 routines:a2i_GENERAL_NAME:othername error:../crypto/x509v3/v3_alt.c:456:
    140642093051968:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=subjectAltName, value=otherName:1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8:医生@大学.example.com

If I specify the otherName like

    subjectAltName=otherName:1.3.6.1.5.5.7.8.9;UTF8:医生@大学.example.com

I do not get an error, but the encoding seems to be not UTF8, but ASCII.
Can this behavior be fixed?



--
        Viktor.

[1]. http://www.mnemosyne.ru/homo/galich-6.html


--
SY, Dmitry Belyavsky
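
Added example (not part of either message, and not OpenSSL code): a Python model of the two -genstr input modes described in the quoted reply, showing why the default yields a 6-byte encoding for 'ф', plus a heuristic check for a UTF8String that was encoded twice this way. All function names are hypothetical, and the model assumes the shell hands over UTF-8 octets.

```python
# Added illustration; models the behaviour described in the thread, not OpenSSL code.
UTF8STRING_TAG = 0x0C  # ASN.1 universal tag 12

def der_utf8string(content: bytes) -> bytes:
    """Wrap content octets in a DER UTF8String TLV."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])                        # short-form length
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body  # long-form length
    return bytes([UTF8STRING_TAG]) + length + content

def encode_default(text: str) -> bytes:
    """Default mode: every input octet is taken as one character and
    UTF-8 encoded on its own, so non-ASCII UTF-8 input is encoded twice."""
    octets = text.encode("utf-8")  # assumption: the shell passes UTF-8
    return der_utf8string(octets.decode("latin-1").encode("utf-8"))

def encode_format_utf8(text: str) -> bytes:
    """FORMAT:UTF8 mode: the input octets are already UTF-8."""
    return der_utf8string(text.encode("utf-8"))

def parse_utf8string(der: bytes) -> str:
    """Decode exactly one UTF8String TLV; raise ValueError if malformed."""
    if len(der) < 2 or der[0] != UTF8STRING_TAG:
        raise ValueError("not a UTF8String")
    n, off = der[1], 2
    if n & 0x80:                                   # long-form length
        k = n & 0x7F
        if k == 0 or len(der) < 2 + k:
            raise ValueError("bad length octets")
        n, off = int.from_bytes(der[2:2 + k], "big"), 2 + k
    if len(der) != off + n:
        raise ValueError("length does not match content")
    return der[off:].decode("utf-8")               # strict UTF-8 decoding

def looks_double_encoded(der: bytes) -> bool:
    """Heuristic: non-ASCII value whose code points all fit in one octet
    and whose octets are themselves valid UTF-8."""
    text = parse_utf8string(der)
    if text.isascii():
        return False
    try:
        text.encode("latin-1").decode("utf-8")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return False
    return True
```

The check can misfire on a value that legitimately consists only of Latin-1 characters, so treat a hit as a prompt to inspect the bytes rather than as proof.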
