How to encode request password in certificate request

I am using linux version of openssl req to generate csr password with password prompt, everything is going well except it cannot print this attribute:

# openssl req -new -key private.key -out server.csr 
# openssl req -in server.csr -noout -text
  Certificate Request: ...
         Attributes:
             challengePassword        :unable to print attribute ...

      

        
        
        
      

    

I tested with OpenSSL 1.0.1j on Fedora and OpenSSL 1.0.1 on ubuntu, both cannot write challengePassword to csr file.

But if I am using windows version, it might work:

# openssl req -in test.csr -noout -text
  Certificate Request:
  ...
        Attributes:
            challengePassword        :00F7FC7937B5366F2231AC891472998C

      

        
        
        
      

    

... I am using 64 bit opensl from SCEP tool :

Then I searched openssl doc and found this suggestion:

attributes

this indicates a section containing any attributes of the request: its format matches the distinguished name. They can usually contain challengePassword or unstructured types. They are currently ignored by the OpenSSL request signing utilities, but some CAs may want them .

Yes, some CAs might want them. I am using NDES windows 2008 r2, it needs a password to request, it looks like it cannot be generated by openssl req app, can I use openssl C or python / perl API? Or do I need to fix the openssl code?

I also asked this question in the sscep issue list, they told me I need to encode the password for the BMPString request. But I don't know how to code it. Can anyone give me a guide?