From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 11 Jun 2015 15:43:49 +0000 (+0200)
Subject: identification: Use UTF8String instead of the legacy T61String to encode DNs
X-Git-Tag: 5.3.3dr4~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9593b57ca34ddfc03001fff473c31ee325033772;p=thirdparty%2Fstrongswan.git

identification: Use UTF8String instead of the legacy T61String to encode DNs

When strings in RDNs contain characters outside the character set for
PrintableString use UTF8String as the passed string is most likely in
that encoding (RFC 5280 actually recommends to use only those two
string types).
---

diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index cd3f1ce176..7c8a4bb79a 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -478,7 +478,7 @@ static status_t atodn(char *src, chunk_t *dn)
 					name.len -= whitespace;
 					rdn_type = (x501rdns[i].type == ASN1_PRINTABLESTRING
 								&& !asn1_is_printablestring(name))
-								? ASN1_T61STRING : x501rdns[i].type;
+								? ASN1_UTF8STRING : x501rdns[i].type;
 
 					if (rdn_count < RDN_MAX)
 					{