New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

An encoding tag problem of mbedtls_x509write_crt_der #1860

raprepo opened this Issue Jul 13, 2018 · 3 comments


None yet
5 participants

raprepo commented Jul 13, 2018


  • Type: Bug
  • Priority: Major


When the subject_name or issuer_name contains non-ASCII printable characters (such as Chinese, Japanese, Russian, etc.), the certificate content output by mbedtls_x509write_crt_der will have some problems.

This problem can be replay with cert_write program.
Just set subject_name=CN=Cert,O=中文汉字,C=UK

When the program runs successfully, the certificate can be generated, but when you view the contents of the certificate, you can find that the contents of the subject and/or issuer are not correct.

After debugging, I found the problem appeared here.

-> mbedtls_x509_write_names()
-> x509_write_name()
-> mbedtls_asn1_write_printable_string():
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_PRINTABLE_STRING ) );

When I replace MBEDTLS_ASN1_PRINTABLE_STRING with MBEDTLS_ASN1_UTF8_STRING, there is no problem.

This seems to be due to the use of the wrong TAG, which causes the system cannot decode the certificate content properly.


This comment has been minimized.


RonEld commented Jul 15, 2018

@raprepo Thank you for reporting this issue!
I believe this is a duplicate of #468
Please confirm


This comment has been minimized.


ciarmcom commented Sep 12, 2018

ARM Internal Ref: IOTSSL-2521


This comment has been minimized.


hanno-arm commented Nov 8, 2018

Fixed through PR #1641.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment