Set the string-mask to utf8only

If subject had utf-8 characters in them, the encoding chosen by OpenSSL for defaults T61. From the OpenSSL source code: * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). That was 10 years ago, and the last remnant that had problems with it was Netscape, which is no longer a problem. A request changes from: 13:d=5 hl=2 l= 3 prim: OBJECT :commonName 18:d=5 hl=2 l= 9 prim: T61STRING :Gurka �� To: 13:d=5 hl=2 l= 3 prim: OBJECT :commonName 18:d=5 hl=2 l= 12 prim: UTF8STRING :Gurka åäö OpenSSL/test/test_crypto.py Update test DER data to have utf8string. ( \x0c instead of \0x13, PrintableString )
pyca · Apr 15, 2015 · 5533e25 · 5533e25
1 parent 0959cb6
commit 5533e25
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
@@ -463,6 +463,9 @@ def __setattr__(self, name, value):
         if isinstance(value, _text_type):
             value = value.encode('utf-8')
 
+        # Make it so OpenSSL generates utf-8 strings.
+        _lib.ASN1_STRING_set_default_mask_asc(b'utf8only')
+
         add_result = _lib.X509_NAME_add_entry_by_NID(
             self._name, nid, _lib.MBSTRING_UTF8, value, -1, -1, 0)
         if not add_result:

diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
@@ -1003,7 +1003,7 @@ def test_der(self):
         self.assertEqual(
             a.der(),
             b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US'
-              '1\x0c0\n\x06\x03U\x04\x03\x13\x03foo'))
+              '1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo'))
 
 
     def test_get_components(self):