Red Hat Bugzilla – Bug 134944
/etc/httpd/conf/Makefile assumes terminal != UTF-8
Last modified: 2007-11-30 17:10:51 EST
Description of problem:
When using the nifty Makefile in /etc/httpd/conf to create ssl
certificates and enters non-ascii characters in the prompts presented
by openssl, the resulting certificates contains invalid chars.
This is because openssl assumes that entered data is in latin1 and
thus encodes the two byte utf-8 sequence generated by the terminal as
two separate characters in the certificate unless the -utf8 option is
given to 'openssl req'
Since utf-8 is always the charset used in Fedora -utf8 should always
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. use an utf-8 capable terminal such as gnome-terminal or xterm
2. cd /etc/httpd/conf
3. make test.pem
4. enter some nice non-ascii characters such as o with dots when prompted
5. configure your server to use the generated test.pem
6. access the server over https with for example firefox and watch the
details of the certificate prestented
broken utf-8 sequences
nice non-ascii chars
To fix, replace all occurances of '/usr/bin/openssl req' with
'/usr/bin/openssl req -utf8' in the Makefile
Oops. Makefile was a symlink to a openssl owned file. Sorry
We add -utf8 if the LC_CTYPE charset is UTF-8.
However note there is a bug somewhere in the OpenSSL code which makes
it to allow only characters which fit in the ISO-8859-1 charset
otherwise it will fail with error.
ISO-8859-1 goes a long way for a lot of people (including me)