Error when using email to generate cert #7

Closed
tezwork opened this issue Jul 15, 2020 · 4 comments

tezwork commented Jul 15, 2020

I get a string error when using an email similar to it.alerts@testdomain.org.nz

Error:
"Lib : asn1 encoding routines, doing : ASN1_mbstring_ncopy, reason : string too long (13/122/151)"

I can generate without the email which is fine, but frustrating.

@patrickpr patrickpr self-assigned this Jul 16, 2020
@patrickpr patrickpr added the bug label Jul 16, 2020
@patrickpr
Owner

Hi,

I'll have a look at this. Please give me the following info :

  • Yaog & Operating system version
  • Do you have this error when generating self signed cert or CSR ?

Regards,

@patrickpr
Owner

I managed to reproduce the bug, will be working on it soon.

@patrickpr
Owner

Hi,

Looking at RFC 5280, page 123, the common name should be less than 64 characters ("ub" is for upper bound): "ub-common-name INTEGER ::= 64"

Common name (CN) is composed of :

  1. The certificate name (can be URL but also something else)
  2. if an email is provided, then the string "/emailAddress=<email>" is added to it.

If the length of name + email + "/emailAddress=" is more than 64 characters then it leads to an error.

This seems to be hardcoded in OpenSSL, and for good reasons, as the RFC says: "specifications of Upper Bounds MUST be regarded as mandatory", so any certificate with more than 64 characters in CN will be invalid.

I suggest you put a short name in the "name (CN)", set the email and add the real URL as a SubjectAltName (click "add" in the X509 extensions box and choose SubjectAltName).

/Patrick
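
The length rule described in the comment above, as an added example (not YAOG's or OpenSSL's code): it composes the CN as name + "/emailAddress=" + email, checks it against the 64-character bound, and builds the suggested short-CN plus SubjectAltName layout. The function names, the `DNS:` entry form and the sample host name are assumptions made for illustration.

```python
"""Pre-flight check for the CN upper bound discussed in this thread (added example)."""
from dataclasses import dataclass

UB_COMMON_NAME = 64               # RFC 5280: ub-common-name INTEGER ::= 64
EMAIL_PREFIX = "/emailAddress="   # string the thread says is appended to the CN


@dataclass
class CNCheck:
    composed: str     # value that ends up in the CN field
    length: int       # counted in characters
    ok: bool          # True when within the upper bound
    name_budget: int  # characters left for the name once the email is included


def check_cn(name: str, email: str = "") -> CNCheck:
    """Compose the CN as described in the thread and test it against the bound."""
    suffix = EMAIL_PREFIX + email if email else ""
    composed = name + suffix
    return CNCheck(composed, len(composed), len(composed) <= UB_COMMON_NAME,
                   UB_COMMON_NAME - len(suffix))


def plan_subject(short_name: str, email: str, url: str) -> dict:
    """Suggested layout: short CN plus email, real URL carried as SubjectAltName."""
    result = check_cn(short_name, email)
    if not result.ok:
        raise ValueError(
            f"CN would be {result.length} characters; shorten the name to "
            f"{result.name_budget} or fewer")
    # "DNS:" entry form is an assumption; use whatever SAN type fits the real value.
    return {"CN": short_name, "emailAddress": email,
            "subjectAltName": [f"DNS:{url}"]}


if __name__ == "__main__":
    email = "it.alerts@testdomain.org.nz"                 # address from the report
    long_name = "monitoring.internal.testdomain.org.nz"   # constructed sample name
    print(check_cn(long_name, email))                     # over the bound
    print(plan_subject("alerts-gw", email, long_name))    # fits, URL moved to SAN
```
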

@patrickpr patrickpr added question and removed bug labels Jul 22, 2020
@patrickpr
Owner

Feel free to open the case again if you have comments or questions regarding this.
