set the default stringmask to utf8 This corrects a problem where older OpenSSL versions don't do this by default. fixes #2291

commit: 4b4efb606a0dc98b52c4abce9977fe03a80f98b6 [log] [tgz]
author: Paul Kehrer <paul.l.kehrer@gmail.com> Sat Aug 22 16:29:48 2015 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> Sat Aug 22 16:29:48 2015 -0500
tree: 4c2530f19d4cf078345529a23362d1fc9bab51dd
parent: c12acccca5608033be30a04a197d234e2233220c [diff]
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 9eae69c..8c4abcd 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py

@@ -521,6 +521,12 @@
         self._ffi = self._binding.ffi
         self._lib = self._binding.lib
 
+        # Set the default string mask for encoding ASN1 strings to UTF8. This
+        # is the default for newer OpenSSLs for several years and is
+        # recommended in RFC 2459.
+        res = self._lib.ASN1_STRING_set_default_mask_asc(b"utf8only")
+        assert res == 1
+
         self._binding.init_static_locks()
 
         # adds all ciphers/digests for EVP
commit	4b4efb606a0dc98b52c4abce9977fe03a80f98b6	[log] [tgz]
author	Paul Kehrer <paul.l.kehrer@gmail.com>	Sat Aug 22 16:29:48 2015 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	Sat Aug 22 16:29:48 2015 -0500
tree	4c2530f19d4cf078345529a23362d1fc9bab51dd
parent	c12acccca5608033be30a04a197d234e2233220c [diff]