Hi,

Not sure whether I should report this as a bug or maybe an enhancement issue or maybe it is as-designed:

I recently migrated from 2.28.8 to 3.6.0 and noticed:

An X.509 certificate DN coded as a T61 string (done automatically by openssl for a DN that contains an underscore) is returned as a hex string in 3.6.0, while it is returned as a regular, human-readable string in 2.28.8.

As this is not working for us, I patched mbedtls_x509_dn_gets() locally as shown below.

Please let me know whether you want me to report an issue or if the 3.6.0 behavior is as-designed for a good reason.

Best regards,

/Almut

--- mbedtls-3.6.0_orig/library/x509.c              2024-03-28 09:59:12.000000000 +0100

+++ mbedtls-3.6.0/library/x509.c                     2024-05-21 10:43:43.327442284 +0200

@@ -840,9 +840,7 @@

             MBEDTLS_X509_SAFE_SNPRINTF;

         }

-        print_hexstring = (name->val.tag != MBEDTLS_ASN1_UTF8_STRING) &&

-                          (name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) &&

-                          (name->val.tag != MBEDTLS_ASN1_IA5_STRING);

+        print_hexstring = !MBEDTLS_ASN1_IS_STRING_TAG(name->val.tag);

         if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) {

             ret = mbedtls_snprintf(p, n, "%s=", short_name);
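Review bot: in the `print_hexstring` assignment, replacing the explicit three-tag check (UTF8String, PrintableString, IA5String) with `!MBEDTLS_ASN1_IS_STRING_TAG(name->val.tag)` widens the set of tags printed directly to everything that macro accepts, not only the T61String case that motivated the change. The hunk does not show the macro's tag list, so please confirm it; if it covers multi-byte or non-text types, their bytes would be copied into the output as if they were single-byte characters. If T61String is the only case needed, adding one `name->val.tag != MBEDTLS_ASN1_T61_STRING` term to the existing condition is the narrower change. Either way, a comment stating why each accepted tag is safe to print directly, and a test using a T61String DN that contains an underscore, would make the intent clear.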