Bug 134944 - /etc/httpd/conf/Makefile assumes terminal != UTF-8
/etc/httpd/conf/Makefile assumes terminal != UTF-8
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Depends On:
  Show dependency treegraph
Reported: 2004-10-07 09:46 EDT by Noa Resare
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-10 04:29:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Noa Resare 2004-10-07 09:46:57 EDT
Description of problem:

When using the nifty Makefile in /etc/httpd/conf to create ssl
certificates and enters non-ascii characters in the prompts presented
by openssl, the resulting certificates contains invalid chars.

This is because openssl assumes that entered data is in latin1 and
thus encodes the two byte utf-8 sequence generated by the terminal as
two separate characters in the certificate unless the -utf8 option is
given to 'openssl req'

Since utf-8 is always the charset used in Fedora -utf8 should always
be passed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. use an utf-8 capable terminal such as gnome-terminal or xterm
2. cd /etc/httpd/conf
3. make test.pem
4. enter some nice non-ascii characters such as o with dots when prompted
5. configure your server to use the generated test.pem
6. access the server over https with for example firefox and watch the
details of the certificate prestented  

Actual results:
broken utf-8 sequences 

Expected results:
nice non-ascii chars

Additional info:

To fix, replace all occurances of '/usr/bin/openssl req' with
'/usr/bin/openssl req -utf8' in the Makefile
Comment 1 Noa Resare 2004-10-07 11:39:41 EDT
Oops. Makefile was a symlink to a openssl owned file. Sorry
Comment 2 Tomas Mraz 2005-02-10 04:31:12 EST
We add -utf8 if the LC_CTYPE charset is UTF-8.
However note there is a bug somewhere in the OpenSSL code which makes
it to allow only characters which fit in the ISO-8859-1 charset
otherwise it will fail with error.
Comment 3 Noa Resare 2005-02-11 02:24:46 EST
ISO-8859-1 goes a long way for a lot of people (including me)

Note You need to log in before you can comment on or make changes to this bug.