<div dir="ltr"><div>Now it's my turn to apologize for the late response. :)<br><br></div><div>I ran the tests again on 17.0 and the same issues exist.<br></div><div><br><br></div><div>Here is my cert generator crashing on a unicode string:<br>
<br>15> api_app:generate_cert_with_key(1024).<br>** exception error: no match of right hand side value {error,{asn1,badarg}}<br> in function pubkey_cert_records:transform/2 (pubkey_cert_records.erl, line 59)<br> in call from lists:map/2 (lists.erl, line 1237)<br>
in call from pubkey_cert_records:transform/2 (pubkey_cert_records.erl, line 91)<br> in call from pubkey_cert_records:encode_tbs/1 (pubkey_cert_records.erl, line 306)<br> in call from public_key:pkix_encode/3 (public_key.erl, line 268)<br>
in call from public_key:pkix_sign/2 (public_key.erl, line 472)<br> in call from api_app:generate_cert_with_key/1 (src/api_app.erl, line 128)<br><br><br></div><div>The part of the cert with the unicode string was...<br>
</div><div><br><span style="font-family:courier new,monospace"> Subject = {rdnSequence, [<br> [#'AttributeTypeAndValue'{<br> type = ?'id-at-commonName',<br> value = {utf8String, [16#4e09|" string starting with a chinese symbol"]}<br>
%% value = {utf8String, "embedded self-signed cert"}<br> }]<br> ]},</span><br><br></div><div>It works fine when I swap in the non-unicode string.<br></div><div><br><br></div><div><br><br><br>
</div><div>Here is a certificate and its decode showing how the text is presented as binaries instead of strings (lists).<br></div><br><div><br><br>goertzen@ubuntu64 ~/test<br>$ cat test.cert<br>-----BEGIN CERTIFICATE-----<br>
MIIDXTCCAkWgAwIBAgIJALPOPyhAojyyMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV<br>BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX<br>aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjA0MTQyNjEyWhcNMTcwNjAzMTQyNjEyWjBF<br>MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50<br>
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB<br>CgKCAQEA5M68fzYaR1Ef7DT1ooDw/QhwK2euedf7Lj1BugVawuhSGpHgsrVUorzP<br>UN4GXXWoavD0I9KMyIhY8Wzh5iI9xwjZ3RtQGLcSdWAiQME/7dPfs94MzcSKATgS<br>ZePunlOWFKxP9ie12GKKyvo4PtwRRZ/m50967DbYH8d+Tg+ASTWYA8EHrpBrlvox<br>
dA9e5xkiLwt15+SnDhiR06czy7XQ/+4oJeoIwB66iah/LVe3PXnJU/+qYSqCSgYv<br>q41L+0FSYpTBqRbJ72WxT7l2lj0IsKHkT6ywuvwt6MCw5g96Wgvsyn71b9EUKA6K<br>lTllaA96iqVHVouvX58t4D4Zt8Ic+QIDAQABo1AwTjAdBgNVHQ4EFgQUeO5XkCL9<br>omKoM6uKWezYWCKcwoIwHwYDVR0jBBgwFoAUeO5XkCL9omKoM6uKWezYWCKcwoIw<br>
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkFPuHkWUr3ZE0goNzs6R<br>uRnNZESffEFXtk8FMQXUV+9i8dJbE0ElK7MwVLbc4VS/nXoBVQbicSTOPq2LZe0g<br>b72YcrtQlMoWdwNCibjnuxdI0o76nfWShxvy6K1sJ0qQ/T3fsfvGgKn8qGDCAGmY<br>2PJaaXvpqSy3wIPIFxnhCGiuCrcVudZkJwVWnG27jYd5IE4i9st5oJnatMS0rCeG<br>
InjWWg6aAo5hsdfgug0mMyX+87EixoGfUNm59TWWViWcFuLUksAKECmzseJZLBnT<br>1+bHXIGyV/NxZW90R8NC5ObBkP924kCdAGKPWVW6XruMCFlrmeU+P9RKhiwf/FX4<br>zg==<br>-----END CERTIFICATE-----<br>goertzen@ubuntu64 ~/test<br>$ erl<br>Erlang/OTP 17 [erts-6.0.1] [source-deacab9] [64-bit] [smp:3:3] [async-threads:10] [hipe] [kernel-poll:false]<br>
<br>Eshell V6.0.1 (abort with ^G)<br>1> {ok, PemBin} = file:read_file("test.cert").<br>{ok,<<"-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJALPOPyhAojyyMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQY"...>>}<br>
2> [{'Certificate',Cert,not_encrypted}] = public_key:pem_decode(PemBin).<br>[{'Certificate',<<48,130,3,93,48,130,2,69,160,3,2,1,2,2,9,<br> 0,179,206,63,40,64,162,60,178,48,13,...>>,<br>
not_encrypted}]<br>3> OTPCert = public_key:pkix_decode_cert(Cert, otp).<br>{'OTPCertificate',{'OTPTBSCertificate',v3,<br> 12956362620107111602,<br> {'SignatureAlgorithm',{1,2,840,113549,1,1,11},'NULL'},<br>
{rdnSequence,[[{'AttributeTypeAndValue',{2,5,4,6},"AU"}],<br> [{'AttributeTypeAndValue',{2,5,4,8},<br> <b>{utf8String,<<"Some-State">></b>}}],<br>
[{'AttributeTypeAndValue',{2,5,4,10},<br> <b>{utf8String,<<"Internet Widgits Pty Ltd">>}</b>}]]},<br>
{'Validity',{utcTime,"140604142612Z"},<br> {utcTime,"170603142612Z"}},<br> {rdnSequence,[[{'AttributeTypeAndValue',{2,5,4,6},"AU"}],<br>
[{'AttributeTypeAndValue',{2,5,4,8},<br> {utf8String,<<"Some-State">>}}],<br>
[{'AttributeTypeAndValue',{2,5,4,10},<br> {utf8String,<<"Internet Widgits Pty Ltd">>}}]]},<br>
{'OTPSubjectPublicKeyInfo',{'PublicKeyAlgorithm',{1,2,840,<br> 113549,1,1,1},<br>
'NULL'},<br> {'RSAPublicKey',28884279009285790301669924467575946032489944489699263464818187209641451094053086029317223819905552232804663206681799701028265354352239301173419976030286993076554223850305834956052085323986279172838215343728630359816997644527827805951010425788227425209795979178217250409900809512057807966976585078052255837974497261381284713573904257439066194709912683930375930487604830660421775765930552658716300974673840116044766673767999239289293469792318108847067157652307614870531765029586512631237561271128048065184664689086457528061690000433623928374995254617336829376087731238998361247235770397685269871591203885794507056356601,<br>
65537}},<br> asn1_NOVALUE,asn1_NOVALUE,<br> [{'Extension',{2,5,29,14},<br>
false,<br> [120,238,87,144,34,253,162,98,168,51,171|...]},<br> {'Extension',{2,5,29,35},<br>
false,<br> {'AuthorityKeyIdentifier',[120,238,87,144,34,253,162,98|...],<br> asn1_NOVALUE,asn1_NOVALUE}},<br>
{'Extension',{2,5,29,19},<br> false,<br> {'BasicConstraints',true,asn1_NOVALUE}}]},<br>
{'SignatureAlgorithm',{1,2,840,113549,1,1,11},'NULL'},<br> {0,<br> <<144,83,238,30,69,148,175,118,68,210,10,13,206,206,145,<br> 185,25,205,100,68,159,124,65,...>>}}<br>
4> <br><br><br></div><div>Dan.<br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 31, 2014 at 9:50 AM, Ingela Anderton Andin <span dir="ltr"><<a href="mailto:Ingela.Anderton.Andin@ericsson.com" target="_blank">Ingela.Anderton.Andin@ericsson.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi!<br>
<br>
Sorry for the late answer. Was this pre 17.0 or 17.0? There was a unicode fix in 17.0 that accidentally seems to have been lost in the release notes. If you still have problems, could you please send us a sample cert that fails to speed up the process.<br>
<br>
Regards Ingela Erlang/OTP team - Ericsson AB<div><div class="h5"><br>
<br>
<br>
<br>
<br>
On 06/12/2014 10:57 PM, Daniel Goertzen wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
In the public_key application, decoding of attributes in x509<br>
certificates does not always decode to a string as indicated in the<br>
documentation. The documentation says that the value of commonName (and<br>
several other attributes) should be:<br>
<br>
special_string() = {teletexString, string()} | {printableString,<br>
string()} | {universalString, string()} | {utf8String, string()} |<br>
{bmpString, string()}<br>
<br>
... however when I decode a cert I see a utf8String coming out as a<br>
binary instead of a string()....<br>
<br>
[{'AttributeTypeAndValue',<br>
{2,5,4,3},<br>
{utf8String,<<"Daniel Goertzen">>}}],<br>
<br>
... and typer shows several other non-string representations (unicode<br>
characters represented by 4-tuples):<br>
<br>
-spec dec_X520CommonName(_) -><br>
{'bmpString',[byte() | {byte(),byte(),byte(),byte()}] | {byte(),binary()}} |<br>
{'printableString',[byte() | {byte(),byte(),byte(),byte()}] |<br>
{byte(),binary()}} |<br>
{'teletexString',[byte() | {byte(),byte(),byte(),byte()}] |<br>
{byte(),binary()}} |<br>
{'universalString',[byte() | {byte(),byte(),byte(),byte()}] |<br>
{byte(),binary()}} |<br>
{'utf8String',_}.<br>
<br>
<br>
<br>
Also, encoding does not accept unicode strings (list of chars). The<br>
example below crashes.<br>
<br>
Subject = {rdnSequence, [<br>
[#'AttributeTypeAndValue'{<br>
type = ?'id-at-commonName',<br>
value = {utf8String, [16#4e09|" string starting with a<br>
chinese symbol"]}<br>
}]<br>
]},<br>
<br>
<br>
<br>
I assume that the documentation is right and the decoded representation<br>
should be "list of characters". Instead internal representations are<br>
coming through.<br>
<br>
<br></div></div>
______________________________<u></u>_________________<br>
erlang-bugs mailing list<br>
<a href="mailto:erlang-bugs@erlang.org" target="_blank">erlang-bugs@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-bugs" target="_blank">http://erlang.org/mailman/<u></u>listinfo/erlang-bugs</a><br>
<br>
</blockquote>
<br>
</blockquote></div><br></div>
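<div>Added example, not part of the thread and not OTP code: a consumer-side helper that turns the <code>{utf8String, binary()}</code> values shown in the decode above into lists of code points. Without it, certificate checks that compare subject attributes against <code>string()</code> values silently miss them. The module and function names are hypothetical, and the sample name in <code>demo/0</code> is constructed.</div>

```erlang
-module(rdn_normalize).
-export([normalize_name/1, common_names/1, demo/0]).

%% Rewrite a decoded name so that every utf8String value is a list of
%% Unicode code points, whichever representation the decoder returned.
normalize_name({rdnSequence, RDNs}) ->
    {rdnSequence, [[normalize_atv(ATV) || ATV <- RDN] || RDN <- RDNs]}.

normalize_atv({'AttributeTypeAndValue', Type, {utf8String, Bin}})
  when is_binary(Bin) ->
    case unicode:characters_to_list(Bin, utf8) of
        Chars when is_list(Chars) ->
            {'AttributeTypeAndValue', Type, {utf8String, Chars}};
        _ErrorOrIncomplete ->
            %% Malformed or truncated UTF-8: fail instead of guessing,
            %% so a bad name can never compare equal to a good one.
            error({invalid_utf8, Type})
    end;
normalize_atv(ATV) ->
    %% Already a list, or a type this helper does not touch.
    ATV.

%% Return every commonName ({2,5,4,3}) value as a list of code points.
common_names(Name) ->
    {rdnSequence, RDNs} = normalize_name(Name),
    [Chars || RDN <- RDNs,
              {'AttributeTypeAndValue', {2,5,4,3}, {_Tag, Chars}} <- RDN].

demo() ->
    %% Constructed sample shaped like the decode output in the thread.
    %% <<228,184,137>> is the UTF-8 encoding of code point 16#4e09.
    Decoded =
        {rdnSequence,
         [[{'AttributeTypeAndValue', {2,5,4,6}, "AU"}],
          [{'AttributeTypeAndValue', {2,5,4,8},
            {utf8String, <<"Some-State">>}}],
          [{'AttributeTypeAndValue', {2,5,4,3},
            {utf8String, <<228,184,137," cn">>}}]]},
    %% Evaluates to [[16#4e09, $\s, $c, $n]].
    common_names(Decoded).
```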