UTF-8 support for subject names

mpeylo / cmpossl

An OpenSSL-based implementation of the Certificate Management Protocol (CMP), defined in IETF RFCs 4210, 4211, and 6712. It is being extended according to the emerging RFCs 'CMP Updates' (CMPv3), 'CMP Algorithms', and 'Lightweight CMP Profile'.

https://github.com/mpeylo/cmpossl/wiki

Other

35 stars 13 forks source link

UTF-8 support for subject names #136

Open mpeylo opened 6 years ago

mpeylo commented 6 years ago

IRs specifying (e.g.) the following UTF-8 subject names on the command line don't bring the desired result.

-subject "/CN=Martin/O=Test/L=北京" -subject "/CN=Martin/O=Test/L=öäü"

Note:

using config files not yet evaluated
tested on Linux / Debian 9.4

The "req" app has an "-utf8" switch for enabling similar subject names with UTF-8 characters. The "x509" app includes "-nameopt utf8" for achieving correct displaying of subject names including UTF8 characters.

DDvO commented 6 years ago

allow also lower-case field names, e.g., "cn"

DDvO commented 6 years ago

also allow permutation (i.e., different order) of fields?

mpeylo commented 6 years ago

I don't really see the benefit from having lower-case field names - but that's needlessly complicating things, to my understanding would not be in line how upstream OpenSSL is handling things, and would likely require to mess with code in upstream scope.

Could you give examples for the permutation? I wasn't aware that there would be any particular order. Would upstream permit it as you indicate?

Those both things have probably little to do with UTF-8 support ;-)

DDvO commented 6 years ago

See also https://tools.ietf.org/html/rfc5280#section-4.1.2.6 for details of the structure and encoding of subject DNs