diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-19 00:29:31 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2008-07-19 00:29:31 +0000 |
commit | 7621883663b7948faccc610e12e017cd8f0b16df (patch) | |
tree | 304a23d3a68569ad287734b9dff71751d029f9ca | |
parent | Added a warning when plugins are specified without (diff) | |
download | openvpn-7621883663b7948faccc610e12e017cd8f0b16df.tar.xz |
Replace leading dash ('-') characters in an X509 name with underbars ('_')
before calling user-defined scripts, to preclude the chance of a leading
dash being interpreted as an option prefix.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r-- | buffer.c | 14 | ||||
-rw-r--r-- | buffer.h | 2 | ||||
-rw-r--r-- | ssl.c | 3 |
3 files changed, 19 insertions, 0 deletions
@@ -804,6 +804,20 @@ string_mod_const (const char *str, return NULL; } +void +string_replace_leading (char *str, const char match, const char replace) +{ + ASSERT (match != '\0'); + while (*str) + { + if (*str == match) + *str = replace; + else + break; + ++str; + } +} + #ifdef CHARACTER_CLASS_DEBUG #define CC_INCLUDE (CC_PRINT) @@ -615,6 +615,8 @@ const char *string_mod_const (const char *str, const char replace, struct gc_arena *gc); +void string_replace_leading (char *str, const char match, const char replace); + #ifdef CHARACTER_CLASS_DEBUG void character_class_debug (void); #endif @@ -554,6 +554,9 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) /* enforce character class restrictions in X509 name */ string_mod (subject, X509_NAME_CHAR_CLASS, 0, '_'); + string_replace_leading (subject, '-', '_'); + + msg (M_INFO, "X509: '%s'", subject); // JYFIXME /* extract the common name */ #ifdef USE_OLD_EXTRACT_X509_FIELD |