Set the string-mask to utf8only
If subject had utf-8 characters in them, the encoding chosen by OpenSSL for
defaults T61.
From the OpenSSL source code:
* utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
That was 10 years ago, and the last remnant that had problems with it
was Netscape, which is no longer a problem.
A request changes from:
13:d=5 hl=2 l= 3 prim: OBJECT :commonName
18:d=5 hl=2 l= 9 prim: T61STRING :Gurka ���
To:
13:d=5 hl=2 l= 3 prim: OBJECT :commonName
18:d=5 hl=2 l= 12 prim: UTF8STRING :Gurka åäö
OpenSSL/test/test_crypto.py
Update test DER data to have utf8string.
( \x0c instead of \0x13, PrintableString )
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 50ff74f..4999194 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -463,6 +463,9 @@
if isinstance(value, _text_type):
value = value.encode('utf-8')
+ # Make it so OpenSSL generates utf-8 strings.
+ _lib.ASN1_STRING_set_default_mask_asc(b'utf8only')
+
add_result = _lib.X509_NAME_add_entry_by_NID(
self._name, nid, _lib.MBSTRING_UTF8, value, -1, -1, 0)
if not add_result:
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index f6f0751..73e9cc7 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -1003,7 +1003,7 @@
self.assertEqual(
a.der(),
b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US'
- '1\x0c0\n\x06\x03U\x04\x03\x13\x03foo'))
+ '1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo'))
def test_get_components(self):