ASN.1 marshaling error with Go strings #3791

Closed
gopherbot opened this issue Jul 2, 2012 · 9 comments

Comments

@gopherbot

by josvazg:

The encoding/asn1 package defaults to interpreting Go UTF8 strings as
PrintableStrings instead of UTF8Strings, which leads to marshaling
errors when the UTF8 is not downward compatible with ASCII.

One example is the struct pkix.Name in which all strings are UTF8 (as 
Go is all UTF8) but when marshaled within a certificate you get an 
error such as: 
ASN.1 structure error: PrintableString contains invalid character.

1. Try to create a certificate with some UTF8 strings on it. For instance, set pkix.Name
CommonName to "cañonero.simpsons.com"

2. Generate the certificate.

3. Get the error:
ASN.1 structure error: PrintableString contains invalid character.

While you should get a cañonero.simpsons.com certificate.
@gopherbot
Author

Comment 1 by josvazg:

Here you have an example of this error:
http://play.golang.org/p/g2FmkhJBY0
The output is:
Marshaled ascii name:  [48 47 ... 0]
ERROR Marshaling utf8 name:  ASN.1 structure error: PrintableString contains invalid
character
While it should accept UTF-8 strings BY DEFAULT, as everything is supposed to be UTF-8 in
Go unless otherwise specified.

@gopherbot
Author

Comment 2 by josvazg:

Although pkix.Name (for instance) allows specifying ASN.1 type information through
Names []AttributeTypeAndValue:
type Name struct {
    Country, Organization, OrganizationalUnit []string
    Locality, Province                        []string
    StreetAddress, PostalCode                 []string
    SerialNumber, CommonName                  string
    Names []AttributeTypeAndValue
}
type AttributeTypeAndValue struct {
    Type  asn1.ObjectIdentifier
    Value interface{}
}
AttributeTypeAndValue mirrors the ASN.1 structure of the same name in
http://tools.ietf.org/html/rfc5280#section-4.1.2.4
I believe that Go's encoding/asn1 should default to UTF8String instead of
PrintableString when nothing is specified, because Go's strings are native UTF8 all over
except when you want it otherwise, in which case it is then that you should be forced to
add exceptions or refine your specification, NOT the other way around.

@gopherbot
Author

Comment 3 by josvazg:

More on this error.
I created a sample CA certificate using a program called SimpleAuthority (Java):
http://simpleauthority.com/
I attach the result for testing.
Then I tried to read it and do an asn1 marshal again with the name with this program:
http://play.golang.org/p/lZWjQP0iZI
The result is that:
1) The certificate is properly read, no problem to get UTF8 string values within the
CommonName... BUT
2) It cannot marshal it again because it defaults to printable string, even though there
is some data in pkix.Name.Names.
The output I got with this test is:
$ go run pemreader.go 
CommonName ñÑáéíóú
Names 0: {[2 5 4 6] ES}
Names 1: {[2 5 4 10] Your Organisation Name}
Names 2: {[2 5 4 11] Certification Authority}
Names 3: {[2 5 4 3] ñÑáéíóú}
ERROR Marshaling utf8 name:  ASN.1 structure error: PrintableString contains invalid
character

Attachments:

  1. cert.pem (1342 bytes)

@agl
Contributor

agl commented Jul 2, 2012

Comment 5:

As you might have noticed, ASN.1 strings are a disaster.
I don't believe that we want to use UTF8String everywhere for compatibility reasons.
However, it does seem that we could do better here: i.e. switch to UTF8String when
needed and PrintableString otherwise.

Labels changed: added priority-soon, removed priority-triage.

Owner changed to @agl.

Status changed to Accepted.

@gopherbot
Author

Comment 6 by josvazg:

Is there a workaround I can use to avoid this problem while this is fixed?

@agl
Contributor

agl commented Jul 2, 2012

Comment 7:

It depends what you're trying to do. In general, reserialising ASN.1 certificates is
unwise: encoding/asn1 doesn't try to maintain enough metadata to do a good job. Rather
you should use Certificate.Raw, which contains the original DER bytes.

@gopherbot
Author

Comment 8 by josvazg:

I am trying to write a WebCA in Go:
github.com/josvazg/webca
I just need to be able to let the user create certificates with names like "estoEsUnaÑ"
or attributes like my current home town, "Torrejón de Ardoz" without the app failing on
them.
The test in which I reserialized the certificate was just to see if pkix.Name.Names
included ASN.1 type information that could avoid the error, and the answer was NO.
In my code, on the other hand, I fill a pkix.Name struct that I pass to generate a
certificate in a similar way to how you do it in your Go tests.

@agl
Contributor

agl commented Jul 9, 2012

Comment 9:

http://golang.org/cl/6348074 sent for review.

@agl
Contributor

agl commented Jul 10, 2012

Comment 10:

This issue was closed by revision eeffa73.

Status changed to Fixed.
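
The string-type selection discussed in this thread, as an added example that is not part of the original issue or of the Go project's code: on a Go release that includes the fix, a string marshaled with no type hint becomes a PrintableString when its characters allow it and a UTF8String otherwise, while forcing "printable" reproduces the reported error. The helper names are hypothetical; the sample names are taken from the thread.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// derTag returns the universal tag number of the outermost DER element.
func derTag(der []byte) (int, error) {
	var raw asn1.RawValue
	if _, err := asn1.Unmarshal(der, &raw); err != nil {
		return 0, err
	}
	return raw.Tag, nil
}

// defaultStringTag marshals s with no type hint and reports which ASN.1
// string type encoding/asn1 selected for it
// (asn1.TagPrintableString = 19, asn1.TagUTF8String = 12).
func defaultStringTag(s string) (int, error) {
	der, err := asn1.Marshal(s)
	if err != nil {
		return 0, err
	}
	return derTag(der)
}

// forcedPrintable marshals s as a PrintableString regardless of content,
// which is what the pre-fix default amounted to for every Go string.
func forcedPrintable(s string) error {
	_, err := asn1.MarshalWithParams(s, "printable")
	return err
}

func main() {
	names := []string{
		"canonero.simpsons.com", // ASCII-only variant, constructed for comparison
		"cañonero.simpsons.com", // CommonName from the report
		"Torrejón de Ardoz",     // attribute value from comment 8
	}
	for _, s := range names {
		tag, err := defaultStringTag(s)
		fmt.Printf("%-26q default tag=%d err=%v\n", s, tag, err)
		fmt.Printf("%-26q forced printable err=%v\n", s, forcedPrintable(s))
	}
}
```

Checking the tag of a subject attribute this way is also a quick test for whether a given toolchain or CA library emits UTF8String for non-ASCII names.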

@golang golang locked and limited conversation to collaborators Jun 24, 2016
This issue was closed.