[gnutls-devel] Restrictions on tag types
Kurt Roeckx
kurt at roeckx.be
Sun Jun 1 12:44:09 CEST 2014
Hi,

In lib/x509/common.c there is this:
[...]
ENTRY("2.5.4.6", "C", NULL, ASN1_ETYPE_PRINTABLE_STRING),
ENTRY("2.5.4.9", "street", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID),
ENTRY("2.5.4.12", "title", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID),
ENTRY("2.5.4.10", "O", "PKIX1.DirectoryString", ASN1_ETYPE_INVALID),
[...]

I'm seeing certificates that encode the "C" with a UTF8String and
not a PrintableString, which then results in getting an error that
it has invalid DER.

"C" can of course only contain a certain amount of characters. But
I don't see why it shouldn't be allowed to encode this in whatever
charset they want. Since they should use either PrintableString
or UTF8String in a DN it makes sense to me that they would do
everything in UTF8String even when not needed.

Is there a good reason to only allow PrintableString?

Kurt
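
An added example, not part of the original message and not GnuTLS code: it shows that the two encodings of "C" described above differ only in the value's tag byte (0x13 for PrintableString, 0x0C for UTF8String), and how a PrintableString-only check rejects the second. The sample bytes, function names and the strict flag are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TAG_UTF8STRING      0x0C
#define TAG_PRINTABLESTRING 0x13
/* Constructed samples: AttributeTypeAndValue for C=NL, differing only in the value tag. */
static const unsigned char c_printable[] = { 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 'N', 'L' };
static const unsigned char c_utf8[]      = { 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x0C, 0x02, 'N', 'L' };

/* Read one TLV header; short-form lengths (< 128) only, enough for one DN attribute. */
static int read_tlv(const unsigned char *p, size_t avail, int *tag, size_t *len, const unsigned char **val)
{
    if (avail < 2 || (p[1] & 0x80) || (size_t)p[1] > avail - 2)
        return -1;
    *tag = p[0];
    *len = p[1];
    *val = p + 2;
    return 0;
}

/* Tag of the countryName (2.5.4.6) value, or -1 if this is not a well-formed countryName attribute. */
int country_value_tag(const unsigned char *der, size_t n)
{
    static const unsigned char oid_c[] = { 0x55, 0x04, 0x06 };
    const unsigned char *seq, *oid, *val;
    size_t seq_len, oid_len, val_len;
    int tag;
    if (read_tlv(der, n, &tag, &seq_len, &seq) || tag != 0x30)
        return -1;
    if (read_tlv(seq, seq_len, &tag, &oid_len, &oid) || tag != 0x06 ||
        oid_len != sizeof(oid_c) || memcmp(oid, oid_c, oid_len) != 0)
        return -1;
    if (read_tlv(oid + oid_len, seq_len - 2 - oid_len, &tag, &val_len, &val))
        return -1;
    return tag;
}

/* strict: PrintableString only (models the quoted table entry); otherwise UTF8String is accepted too. */
int country_tag_accepted(int tag, int strict)
{
    return tag == TAG_PRINTABLESTRING || (!strict && tag == TAG_UTF8STRING);
}

int main(void)
{
    int t = country_value_tag(c_utf8, sizeof(c_utf8));
    printf("printable tag=0x%02X\n", country_value_tag(c_printable, sizeof(c_printable)));
    printf("utf8 tag=0x%02X strict=%d lenient=%d\n", t, country_tag_accepted(t, 1), country_tag_accepted(t, 0));
    return 0;
}
```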