From 9a980ba8f4d640d01ee481a67a8a783261ea7c47 Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Tue, 27 Feb 2018 21:34:40 +0000
Subject: Use string_mask = nombstr so that openssl uses PRINTABLESTRING rather
 than UTF8STRING when putting things like Organization into certificates. 
 SMPTE 430/2/2006 specifies this, and apparently Waimea raises an error if
 UTF8STRING is used (as seems to be openssl's default).

---
 src/certificate_chain.cc | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 3ea6db60..851252af 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -201,6 +201,7 @@ CertificateChain::CertificateChain (
 		f << "[ req ]\n"
 		  << "distinguished_name = req_distinguished_name\n"
 		  << "x509_extensions	= v3_ca\n"
+		  << "string_mask = nombstr\n"
 		  << "[ v3_ca ]\n"
 		  << "basicConstraints = critical,CA:true,pathlen:3\n"
 		  << "keyUsage = keyCertSign,cRLSign\n"
@@ -234,6 +235,7 @@ CertificateChain::CertificateChain (
 		f << "[ default ]\n"
 		  << "distinguished_name = req_distinguished_name\n"
 		  << "x509_extensions = v3_ca\n"
+		  << "string_mask = nombstr\n"
 		  << "[ v3_ca ]\n"
 		  << "basicConstraints = critical,CA:true,pathlen:2\n"
 		  << "keyUsage = keyCertSign,cRLSign\n"
@@ -272,6 +274,7 @@ CertificateChain::CertificateChain (
 		f << "[ default ]\n"
 		  << "distinguished_name = req_distinguished_name\n"
 		  << "x509_extensions	= v3_ca\n"
+		  << "string_mask = nombstr\n"
 		  << "[ v3_ca ]\n"
 		  << "basicConstraints = critical,CA:false\n"
 		  << "keyUsage = digitalSignature,keyEncipherment\n"
-- 
cgit v1.2.3