Hi,
Not sure whether I should report this as a bug or maybe an enhancement issue or maybe it is as-designed:
I recently migrated from 2.28.8 to 3.6.0 and noticed:
An X.509 certificate DN coded as T61 string (done automatically so by openssl for a DN that contains an underscore) is returned as a hex string in 3.6.0 while it is returned as a regular,
human-readable string in 2.28.8.
As this is not working for us I patched mbedtls_c509_dn_gets() locally as shown below.
Please feedback whether you want me to report an issue or if the 3.6.0 behavior is as-designed for a good reason.
Best regards,
/Almut
--- mbedtls-3.6.0_orig/library/x509.c 2024-03-28 09:59:12.000000000 +0100
+++ mbedtls-3.6.0/library/x509.c 2024-05-21 10:43:43.327442284 +0200
@@ -840,9 +840,7 @@
MBEDTLS_X509_SAFE_SNPRINTF;
}
- print_hexstring = (name->val.tag != MBEDTLS_ASN1_UTF8_STRING) &&
- (name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) &&
- (name->val.tag != MBEDTLS_ASN1_IA5_STRING);
+ print_hexstring = !MBEDTLS_ASN1_IS_STRING_TAG(name->val.tag);
if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) {
ret = mbedtls_snprintf(p, n, "%s=", short_name);