Replace leading dash ('-') characters in an X509 name with underbars ('_')

before calling user-defined scripts, to preclude the chance of a leading dash being interpreted as an option prefix. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083 e7ae566f-a301-0410-adde-c780ea21d3b5
2026-06-11 09:50:26 -04:00 · 2008-07-19 00:29:31 +00:00 · 2008-07-19 00:29:31 +00:00 · 7621883663
commit 7621883663
parent d1dcc3e706
3 changed files with 19 additions and 0 deletions
--- a/buffer.c
+++ b/buffer.c
@ -804,6 +804,20 @@ string_mod_const (const char *str,
    return NULL;
 }

+void
+string_replace_leading (char *str, const char match, const char replace)
+{
+  ASSERT (match != '\0');
+  while (*str)
+    {
+      if (*str == match)
+	*str = replace;
+      else
+	break;
+      ++str;
+    }
+}
+
 #ifdef CHARACTER_CLASS_DEBUG

 #define CC_INCLUDE    (CC_PRINT)
--- a/buffer.h
+++ b/buffer.h
@ -615,6 +615,8 @@ const char *string_mod_const (const char *str,
 			      const char replace,
 			      struct gc_arena *gc);

+void string_replace_leading (char *str, const char match, const char replace);
+
 #ifdef CHARACTER_CLASS_DEBUG
 void character_class_debug (void);
 #endif
--- a/ssl.c
+++ b/ssl.c
@ -554,6 +554,9 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)

  /* enforce character class restrictions in X509 name */
  string_mod (subject, X509_NAME_CHAR_CLASS, 0, '_');
+  string_replace_leading (subject, '-', '_');
+
+  msg (M_INFO, "X509: '%s'", subject); // JYFIXME

  /* extract the common name */
 #ifdef USE_OLD_EXTRACT_X509_FIELD