Open twisted-trac opened 4 years ago
@rodrigc commented:
You are right. If I look at: https://tools.ietf.org/html/rfc5280#section-4.1.2.4
It is possible for the Issuer field of a PEM certificate to be a UTF8String.
This has more references: https://www.rfc-editor.org/rfc/rfc7468.html
I'm using the Python 3.7 interface to Twisted 19.2.1 (Fedora 31).
I have the following certificate in PEM format that I'm trying to load:
(For your interest, this happens to be one of the root certificates in the system CA bundle, not some certificate I just made up.)
I do so as follows:
This returns the following error:
It appears the problem is that X.509 name fields in the subject are forcibly encoded to 'ascii', which fails in this case because the OrganizationalUnitName and CommonName contain Unicode characters.
What confuses me the most is that what I can see and interpret of X.509 specs implies that UTF-8 is not only a valid encoding for these fields, it is recommended. So I can't really understand why these fields are forcibly encoded to (and later, decoded from) ASCII, giving rise to this issue.
Searchable metadata
```
trac-id: 9804
type: defect
reporter: Phidica
priority: normal
milestone: None
branch: https://github.com/wiml/twisted/tree/non_ascii_DNs
branch_author:
status: assigned
resolution: None
component: core
keywords: ssl tls unicode
time: 1587138027873608
changetime: 1590807088264726
version: None
owner: wiml
cc: Phidica
```
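Added example, not part of the original issue and not Twisted's code: a standard-library sketch that decodes a DER-encoded X.509 Name by each value's ASN.1 string tag, following the DirectoryString definition in RFC 5280 section 4.1.2.4 linked above, and lists the fields an ASCII-only code path would fail on. The function names and the sample DN are constructed for illustration.

```python
# DirectoryString encodings from RFC 5280 section 4.1.2.4, keyed by ASN.1 tag
# (subset: TeletexString is left out and is rejected below).
CODECS = {0x0C: "utf-8",      # UTF8String
          0x13: "ascii",      # PrintableString
          0x1C: "utf-32-be",  # UniversalString
          0x1E: "utf-16-be"}  # BMPString
ATTRS = {b"\x55\x04\x03": "CN", b"\x55\x04\x06": "C", b"\x55\x04\x0b": "OU"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_name(der):
    """Decode a DER Name into [(attribute, text)], honouring each string tag."""
    tag, rdns, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    out, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = read_tlv(rdns, pos)          # SET OF AttributeTypeAndValue
        rpos = 0
        while rpos < len(rdn):
            _, atv, rpos = read_tlv(rdn, rpos)     # SEQUENCE { type, value }
            _, oid, vpos = read_tlv(atv, 0)
            vtag, raw, _ = read_tlv(atv, vpos)
            if vtag not in CODECS:
                raise ValueError("unsupported string tag 0x%02x" % vtag)
            out.append((ATTRS.get(oid, oid.hex()), raw.decode(CODECS[vtag])))
    return out

def non_ascii_fields(name):
    """List the attributes that an ASCII-only code path would fail on."""
    return [attr for attr, text in name if not text.isascii()]

def tlv(tag, value):                       # short-form encoder for the sample
    return bytes([tag, len(value)]) + value

# Constructed sample Name: C=HU (PrintableString), CN as UTF8String.
SAMPLE = tlv(0x30,
    tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x06") + tlv(0x13, b"HU"))) +
    tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") +
                  tlv(0x0C, "Példa Főtanúsítvány".encode("utf-8")))))
```

Calling `decode_name(SAMPLE)` returns the two attributes as text, and `non_ascii_fields` on that result names `CN` as the field that cannot be round-tripped through ASCII.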