set the default stringmask to utf8

This corrects a problem where older OpenSSL versions don't do this by default. fixes #2291
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-08-22 16:29:48 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-08-22 16:29:48 -0500
commit: 4b4efb606a0dc98b52c4abce9977fe03a80f98b6 (patch)
tree: 4c2530f19d4cf078345529a23362d1fc9bab51dd /src
parent: c12acccca5608033be30a04a197d234e2233220c (diff)
download: cryptography-4b4efb606a0dc98b52c4abce9977fe03a80f98b6.tar.gz
cryptography-4b4efb606a0dc98b52c4abce9977fe03a80f98b6.tar.bz2
cryptography-4b4efb606a0dc98b52c4abce9977fe03a80f98b6.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 9eae69c7..8c4abcd6 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -521,6 +521,12 @@ class Backend(object):
         self._ffi = self._binding.ffi
         self._lib = self._binding.lib
 
+        # Set the default string mask for encoding ASN1 strings to UTF8. This
+        # is the default for newer OpenSSLs for several years and is
+        # recommended in RFC 2459.
+        res = self._lib.ASN1_STRING_set_default_mask_asc(b"utf8only")
+        assert res == 1
+
         self._binding.init_static_locks()
 
         # adds all ciphers/digests for EVP
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-08-22 16:29:48 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-08-22 16:29:48 -0500
commit	4b4efb606a0dc98b52c4abce9977fe03a80f98b6 (patch)
tree	4c2530f19d4cf078345529a23362d1fc9bab51dd /src
parent	c12acccca5608033be30a04a197d234e2233220c (diff)
download	cryptography-4b4efb606a0dc98b52c4abce9977fe03a80f98b6.tar.gz cryptography-4b4efb606a0dc98b52c4abce9977fe03a80f98b6.tar.bz2 cryptography-4b4efb606a0dc98b52c4abce9977fe03a80f98b6.zip