Use string_mask = nombstr so that openssl uses PRINTABLESTRINGprintablestring

rather than UTF8STRING when putting things like Organization into
certificates.  SMPTE 430/2/2006 specifies this, and apparently
Waimea raises an error if UTF8STRING is used (as seems to be
openssl's default).

1 files changed, 3 insertions, 0 deletions

diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 3ea6db60..851252af 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -201,6 +201,7 @@ CertificateChain::CertificateChain (
 		f << "[ req ]\n"
 		  << "distinguished_name = req_distinguished_name\n"
 		  << "x509_extensions	= v3_ca\n"
+		  << "string_mask = nombstr\n"
 		  << "[ v3_ca ]\n"
 		  << "basicConstraints = critical,CA:true,pathlen:3\n"
 		  << "keyUsage = keyCertSign,cRLSign\n"
@@ -234,6 +235,7 @@ CertificateChain::CertificateChain (
 		f << "[ default ]\n"
 		  << "distinguished_name = req_distinguished_name\n"
 		  << "x509_extensions = v3_ca\n"
+		  << "string_mask = nombstr\n"
 		  << "[ v3_ca ]\n"
 		  << "basicConstraints = critical,CA:true,pathlen:2\n"
 		  << "keyUsage = keyCertSign,cRLSign\n"
@@ -272,6 +274,7 @@ CertificateChain::CertificateChain (
 		f << "[ default ]\n"
 		  << "distinguished_name = req_distinguished_name\n"
 		  << "x509_extensions	= v3_ca\n"
+		  << "string_mask = nombstr\n"
 		  << "[ v3_ca ]\n"
 		  << "basicConstraints = critical,CA:false\n"
 		  << "keyUsage = digitalSignature,keyEncipherment\n"