New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PRINTABLE_STRING in signing request prevents wildcard domains #468

kevinpt opened this Issue Apr 28, 2016 · 3 comments


None yet
4 participants

kevinpt commented Apr 28, 2016

When creating a certificate signing request, x509_write_name() uses the PRINTABLE_STRING type for everything but emailAddress. This prevents the use of asterisks to create a wildcard domain as part of the common/domain name since they aren't part of that character set. The request will still be created but Openssl complains about invalid characters and stops processing the request.

It would be more useful to also use IA5_STRING for the MBEDTLS_OID_AT_CN OID.

@ciarmcom ciarmcom added the mirrored label Apr 28, 2016


This comment has been minimized.


ciarmcom commented Apr 28, 2016

ARM Internal Ref: IOTSSL-733


This comment has been minimized.


sbutcher-arm commented May 4, 2016

Hi @kevinpt,

This isn't a planned enhancement, but we would certainly welcome a community contribution that provides this as a configurable option.


This comment has been minimized.


hanno-arm commented Nov 8, 2018

Fixed through #1641.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment