Bug#517994: ssl-cert incorrectly handles non-latin charachers in the certificate DN
Package: ssl-cert
Version: 1.0.23
Severity: normal
Tags: l10n
When entering Cyrillic characters into certificate DN fields
such as Common Name or Organization, make-ssl-cert produces certificate
with invalid latin-1 character sequences instead of cyrillic.
Problem can be fixed (at least in UTF-8 locale) by adding two
lines into [req] section of the /usr/share/ssl-cert/ssleay.conf:
utf8=yes ; forces OpenSSL to interpret configuration file as UTF-8
string_mask=pkix ; forces to use ASN.1 encoding compatible with most CA
(really, may be better to use string_mask = utf8only, because it would
work with CJK languages)
See req(1ssl) manpage for detailed rescription of these directives.
For correct support of non-utf8 locales, user answers should be
converted from locale encoding to UTF-8, because openssl utility
supports only Latin-1 and Utf-8 in configuration files.
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-486
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages ssl-cert depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii openssl 0.9.8g-15 Secure Socket Layer (SSL) binary a
ii openssl-blacklist 0.4.2 list of blacklisted OpenSSL RSA ke
ssl-cert recommends no packages.
ssl-cert suggests no packages.
-- debconf information:
* make-ssl-cert/vulnerable_prng:
make-ssl-cert/title:
make-ssl-cert/ouname: подотдел очистки
make-ssl-cert/hostname: localhost
make-ssl-cert/organisationname: Рога и Копыта
make-ssl-cert/statename: Какой-то округ
make-ssl-cert/localityname: Где-то на белом свете
make-ssl-cert/countryname: RU
make-ssl-cert/email: webmaster@localhost
Reply to: