From 4b4efb606a0dc98b52c4abce9977fe03a80f98b6 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sat, 22 Aug 2015 16:29:48 -0500
Subject: set the default stringmask to utf8

This corrects a problem where older OpenSSL versions don't do this by
default. fixes #2291
---
 src/cryptography/hazmat/backends/openssl/backend.py | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 9eae69c7..8c4abcd6 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -521,6 +521,12 @@ class Backend(object):
         self._ffi = self._binding.ffi
         self._lib = self._binding.lib
 
+        # Set the default string mask for encoding ASN1 strings to UTF8. This
+        # is the default for newer OpenSSLs for several years and is
+        # recommended in RFC 2459.
+        res = self._lib.ASN1_STRING_set_default_mask_asc(b"utf8only")
+        assert res == 1
+
         self._binding.init_static_locks()
 
         # adds all ciphers/digests for EVP
-- 
cgit v1.2.3