Oh, if its not the *default* thats much better. I had assumed from how
the problem presented this was because of default settings, but if we
shot ourselves in the foot by selecting this mode, then there isn't an
Thanks for the clarification Stephen.
On Tue, Apr 5, 2016 at 8:53 PM, Dr Stephen Henson
On 05/04/2016 22:02, George Michaelson wrote:
IIRC OpenSSL choses the most compact syntactically acceptable ASN.1
alphabet to represent strings. So, if your labels fit in IA5String,
thats what it is. But if tomorrow you re-issue and they no longer fit,
then it promotes to the next minimally correct ASN.1 alphabet.
It can do that if it is configured to do so and the API is used with
flags. However that is not mandatory behaviour and if you don't want that you
don't have to use it.
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson(_at_)drh-consultancy(_dot_)co(_dot_)uk, PGP key: via homepage.
smime mailing list