-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error when using email to generate cert #7
Comments
Hi, I'll have a look at this. Please give me the following info :
Regards, |
I managed to reproduce the bug, will be working on soon. |
Hi, Looking at the RFC5280 page 123, the common name should be less than 64 caracters ("ub" is for upper bound) : "ub-common-name INTEGER ::= 64" Common name (CN) is composed of :
If length of name + email + "/emailAddress=" is more than 64 caracters then it leads to an error. This seems to be harcoded in OpenSSL and for good reasons as the RFC says : "specifications of Upper Bounds MUST be regarded as mandatory", so any certificate with more than 64 caracters in CN will be invalid. I suggest you put a short name in the "name (CN)", set the email and add the real URL as a SubjectAltName (click "add" in the X509 extensions box ans choose SubjectAltName ). /Patrick |
Feel free to open the case again if you have comments or questions regarding this. |
I get a string error when using a email similar to it.alerts@testdomain.org.nz
Error:
"Lib : asn1 encoding routines, doing : ASN1_mbstring_ncopy, reason : string too long (13/122/151)"
I can generate without the email which is fine, but frustrating.
The text was updated successfully, but these errors were encountered: