[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#517994: ssl-cert incorrectly handles non-latin charachers in the certificate DN



Package: ssl-cert
Version: 1.0.23
Severity: normal
Tags: l10n


When entering Cyrillic characters into  certificate DN fields
such as Common Name or Organization, make-ssl-cert produces certificate
with invalid latin-1 character sequences instead of cyrillic.

Problem can be fixed (at least in UTF-8 locale) by adding two
lines into [req]  section of the /usr/share/ssl-cert/ssleay.conf:

utf8=yes ; forces OpenSSL to interpret configuration file as UTF-8
string_mask=pkix ; forces to use ASN.1 encoding compatible with most CA

(really, may be better to use string_mask = utf8only, because it would
work with CJK languages)

See req(1ssl) manpage for detailed rescription of these directives.

For correct support of non-utf8 locales, user answers should be
converted from locale encoding to UTF-8, because openssl utility
supports only Latin-1 and Utf-8 in configuration files.


-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-486
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ssl-cert depends on:
ii  adduser                       3.110      add and remove users and groups
ii  debconf [debconf-2.0]         1.5.24     Debian configuration management sy
ii  openssl                       0.9.8g-15  Secure Socket Layer (SSL) binary a
ii  openssl-blacklist             0.4.2      list of blacklisted OpenSSL RSA ke

ssl-cert recommends no packages.

ssl-cert suggests no packages.

-- debconf information:
* make-ssl-cert/vulnerable_prng:
  make-ssl-cert/title:
  make-ssl-cert/ouname: подотдел очистки
  make-ssl-cert/hostname: localhost
  make-ssl-cert/organisationname: Рога и Копыта
  make-ssl-cert/statename: Какой-то округ
  make-ssl-cert/localityname: Где-то на белом свете
  make-ssl-cert/countryname: RU
  make-ssl-cert/email: webmaster@localhost



Reply to: