[gnutls-dev] non-ASCII ASN.1 string types

Joe Orton joe at manyfish.co.uk
Sun Oct 17 12:08:26 CEST 2004


On Wed, Oct 13, 2004 at 11:34:56AM +0200, Nikos Mavrogiannopoulos wrote:
> On Wednesday 13 October 2004 00:00, Joe Orton wrote:
> > On Tue, Oct 12, 2004 at 10:07:53PM +0200, Nikos Mavrogiannopoulos wrote:
> > > On Thursday 07 October 2004 23:04, Joe Orton wrote:
> > > > For a certificate with the OU encoded as a BMPString, the function
> > > > appears to simply give back the raw UCS-2 data, likewise a T61String OU
> > > > is given back as-is.
> > > Could you provide me with a certificate of this kind?
> > > Most probably the behaviour of gnutls would be to reject those
> > > certificates for now.
> > Attached certificates t61subj.cert and bmpsubj.cert in PEM format. You
> > can generate these using OpenSSL; the test scripts I use in neon are:
> Ok. The newest patch will print something like:
> Subject: C=GB,ST=Cambridgeshire,L=Cambridge,O=Neon Hackers Ltd,OU=#48e86c6c6f20576f726c64,CN=localhost,EMAIL=neon at webdav.org

I dunno, I'd rather the functions fail if the RDN can't be
auto-converted into UTF-8 per the docs (but UCS-2->UTF-8 is a simple
conversion anyway).

On this subject: is there a way to iterate over all the RDNs in the
subject or issuer DN using GNU TLS?  neon needs to produce
human-readable DNs - this is easy using OpenSSL's X509_NAME interface,
but I can't find a way of doing it in GNU TLS.  Can anyone help? 

joe
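
The UCS-2 to UTF-8 conversion mentioned in the message above, written so that it fails instead of handing back raw bytes when a value cannot be converted. This is an added example, not GnuTLS, neon or OpenSSL code: `bmp_to_utf8` is a hypothetical helper, its input is assumed to be the BMPString content octets only (no ASN.1 tag or length), and rejecting an embedded NUL is a policy choice of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Convert a BMPString value (big-endian UCS-2 content octets) to
 * NUL-terminated UTF-8. Returns the UTF-8 length in bytes, or -1 if the
 * value cannot be converted safely. Hypothetical helper for illustration;
 * not a function of any real TLS library. */
int bmp_to_utf8(const uint8_t *in, size_t in_len, char *out, size_t out_size)
{
    size_t o = 0;

    if (out_size == 0 || in_len % 2 != 0)   /* odd length: truncated unit */
        return -1;
    for (size_t i = 0; i < in_len; i += 2) {
        uint16_t c = (uint16_t)((in[i] << 8) | in[i + 1]);
        /* Example policy: U+0000 would truncate the C string a caller
         * compares against; surrogates are not UCS-2 characters. */
        if (c == 0 || (c >= 0xD800 && c <= 0xDFFF))
            return -1;
        size_t need = c < 0x80 ? 1 : c < 0x800 ? 2 : 3;
        if (o + need >= out_size)           /* keep room for the terminator */
            return -1;
        if (need == 1) {
            out[o++] = (char)c;
        } else if (need == 2) {
            out[o++] = (char)(0xC0 | (c >> 6));
            out[o++] = (char)(0x80 | (c & 0x3F));
        } else {
            out[o++] = (char)(0xE0 | (c >> 12));
            out[o++] = (char)(0x80 | ((c >> 6) & 0x3F));
            out[o++] = (char)(0x80 | (c & 0x3F));
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: "Hèllo" as BMPString content octets. */
    const uint8_t ou[] = {0x00,0x48, 0x00,0xE8, 0x00,0x6C, 0x00,0x6C, 0x00,0x6F};
    char buf[32];
    int n = bmp_to_utf8(ou, sizeof ou, buf, sizeof buf);
    if (n < 0) { puts("OU: conversion failed"); return 1; }
    printf("OU=%s (%d bytes of UTF-8)\n", buf, n);
    return 0;
}
```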



