Use string_mask = nombstr so that openssl uses PRINTABLESTRING

rather than UTF8STRING when putting things like Organization into
certificates.  SMPTE 430/2/2006 specifies this, and apparently
Waimea raises an error if UTF8STRING is used (as seems to be
openssl's default).

diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 3ea6db60ee5fffaca1d70add4d369f39dc4c3bbf..851252afdfd9b9432a9563d290f524db5c984136 100644 (file)
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -201,6 +201,7 @@ CertificateChain::CertificateChain (
                f << "[ req ]\n"
                  << "distinguished_name = req_distinguished_name\n"
                  << "x509_extensions   = v3_ca\n"
+                 << "string_mask = nombstr\n"
                  << "[ v3_ca ]\n"
                  << "basicConstraints = critical,CA:true,pathlen:3\n"
                  << "keyUsage = keyCertSign,cRLSign\n"
@@ -234,6 +235,7 @@ CertificateChain::CertificateChain (
                f << "[ default ]\n"
                  << "distinguished_name = req_distinguished_name\n"
                  << "x509_extensions = v3_ca\n"
+                 << "string_mask = nombstr\n"
                  << "[ v3_ca ]\n"
                  << "basicConstraints = critical,CA:true,pathlen:2\n"
                  << "keyUsage = keyCertSign,cRLSign\n"
@@ -272,6 +274,7 @@ CertificateChain::CertificateChain (
                f << "[ default ]\n"
                  << "distinguished_name = req_distinguished_name\n"
                  << "x509_extensions   = v3_ca\n"
+                 << "string_mask = nombstr\n"
                  << "[ v3_ca ]\n"
                  << "basicConstraints = critical,CA:false\n"
                  << "keyUsage = digitalSignature,keyEncipherment\n"