Errors invalid characters

[CharlyCB]

Hi,

We are having problems with the file ct\crypto\asn1/types.py in the line 807 the allowed characters limit is in the the ascii char number 127 but if you try to generate a certificate with a domain using for example ünexaple.ee that script fails, and show the error illegal character in IA5String.

Notice that in the domain example the character ü has the simbol doble dot( ¨ ) over u

The code that i say is the next code: lines 800 to 810

@Universal(22, tag.PRIMITIVE)
class IA5String(ASN1String):
    """IA5String."""
    @classmethod
    def _check_for_illegal_characters(self, buf):
        for index, character in enumerate(buf):
            if ord(character) > 127:
                raise error.ASN1IllegalCharacter(
                        "Illegal character in IA5String", buf, index)

What would be patch to solve the error and use the CT with domains with simbols like ¨

Thanks!

[daviddrysdale]

IA5 only supports an ASCII-like subset of characters, so that's expected -- you need an ASN.1 type like UTF8String to hold international strings.

Also, RFC 5280 s4.2.1.6 mandates that a certificate's Subject Alternate Name that is an rfc822Name, a dNSName or a uniformResourceIdentifier be encoded as an IA5String -- so if you're trying to set one of those to an non-ASCII string, you're out of luck.

(AIUI, Punycode is the normal way round this, by transforming Unicode names to ASCII with a suffix.)

[daviddrysdale]

Closing this for the moment, please re-open if the above explanation doesn't cover the problem.

[CharlyCB]

Hi again,

We have a very hight problem, the certificate must be expended with that character in ü

The character is in the SAN.

We need to put that string in the certificate, we have tried to do a utf8_enconde() into the string. But don't worked, we tried to do an htmlspcialchars() with the utf8_encode and without it, and don't worked.

¿How can we solve this problem?