Flip the default of explicitText to UTF8String

While it may have been reasonable to use VisibleString back when this code was written, it's an anachronism nowadays. In particular, configuring BoringSSL reports that they have seen malformed certificates with exactly the issue caused by this unfortuante default. Reported by Alex Gaynor in OpenSSL issue 20772 ok jsing
author: tb <> 2023-04-20 18:29:08 +0000
committer: tb <> 2023-04-20 18:29:08 +0000
commit: afaf2a6f6c8f86ca42018d8cb536b803ad896767 (patch)
tree: f9d45d3a286ca4bfd1871bce153e9ed7fb690ee9 /src/lib
parent: 73d7335d0173a6eb46251271359c4e46835658aa (diff)
download: openbsd-afaf2a6f6c8f86ca42018d8cb536b803ad896767.tar.gz
openbsd-afaf2a6f6c8f86ca42018d8cb536b803ad896767.tar.bz2
openbsd-afaf2a6f6c8f86ca42018d8cb536b803ad896767.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c
index 3f106c691d..af8f16c9b0 100644
--- a/src/lib/libcrypto/x509/x509_cpols.c
+++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.7 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.8 2023/04/20 18:29:08 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -594,7 +594,7 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
                cnf = sk_CONF_VALUE_value(unot, i);
                if (!strcmp(cnf->name, "explicitText")) {
                        if (not->exptext == NULL) {
-                                not->exptext = ASN1_VISIBLESTRING_new();
+                                not->exptext = ASN1_UTF8STRING_new();
                                if (not->exptext == NULL)
                                        goto merr;
                        }
author	tb <>	2023-04-20 18:29:08 +0000
committer	tb <>	2023-04-20 18:29:08 +0000
commit	afaf2a6f6c8f86ca42018d8cb536b803ad896767 (patch)
tree	f9d45d3a286ca4bfd1871bce153e9ed7fb690ee9 /src/lib
parent	73d7335d0173a6eb46251271359c4e46835658aa (diff)
download	openbsd-afaf2a6f6c8f86ca42018d8cb536b803ad896767.tar.gz openbsd-afaf2a6f6c8f86ca42018d8cb536b803ad896767.tar.bz2 openbsd-afaf2a6f6c8f86ca42018d8cb536b803ad896767.zip

diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c index 3f106c691d..af8f16c9b0 100644 --- a/src/lib/libcrypto/x509/x509_cpols.c +++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_cpols.c,v 1.7 2023/02/16 08:38:17 tb Exp $ */	1	/* $OpenBSD: x509_cpols.c,v 1.8 2023/04/20 18:29:08 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -594,7 +594,7 @@ notice_section(X509V3_CTX ctx, STACK_OF(CONF_VALUE) unot, int ia5org)
594	cnf = sk_CONF_VALUE_value(unot, i);	594	cnf = sk_CONF_VALUE_value(unot, i);
595	if (!strcmp(cnf->name, "explicitText")) {	595	if (!strcmp(cnf->name, "explicitText")) {
596	if (not->exptext == NULL) {	596	if (not->exptext == NULL) {
597	not->exptext = ASN1_VISIBLESTRING_new();	597	not->exptext = ASN1_UTF8STRING_new();
598	if (not->exptext == NULL)	598	if (not->exptext == NULL)
599	goto merr;	599	goto merr;
600	}	600	}