the fixing code for "=" for openssl is wrong ;o)
example - one DN may look like this:
DN: unstructuredName=pix-emt2.domain.tld+CN=pix-emt2.domain.tld
then the code at around line 550 will transform this to:
unstructuredName=pix-emt2.domain.tld+CN\=pix-emt2.domain.tld
which is just not right in this case - this second "=" has to be still
unescaped...
this wrong DN will cause the X500::DN just to stop at the parsing
routine without any error...
neither at the webpage nor at the logfiles... so not a good thing
and OpenCA just gives an empty nice white page back - without any
errors ;o), every time this offending request goes through the system
for the meantime i just circumvent the fixing code - so it
works fine for me - since there are no requests with "=" inside
but should be fixed - i think
so i haven't corrected the code right now - but the offending
code snippet is right here - maybe someone can see the failure
greetings
dalini
## OpenSSL includes a bug in -nameopt RFC2253
## = signs are not escaped if they are normal values
my $i = 0;
my $now = "name";
while ($i < length ($fixed_dn))
{
    if (substr ($fixed_dn, $i, 1) =~ /\\/)
    {
        $i++;
    } elsif (substr ($fixed_dn, $i, 1) =~ /=/) {
        if ($now =~ /value/)
        {
            ## OpenSSL forgets to escape =
            $fixed_dn = substr ($fixed_dn, 0, $i)."\\".substr ($fixed_dn, $i);
            $i++;
        } else {
            $now = "value";
        }
    } elsif (substr ($fixed_dn, $i, 1) =~ /,/) {
        $now = "name";
    }
    $i++;
}
print "fixed_dn: ".$fixed_dn."<br>\n" if ($self->{DEBUG});
_______________________________________________
OpenCA-Devel mailing list
https://lists.sourceforge.net/lists/listinfo/openca-devel
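
Added example, not part of the original message and not OpenCA's code: the posted loop returns to the "name" state only on ",", so the "+" that joins the two attributes of a multi-valued RDN leaves it in "value" and the following "=" gets escaped. The sketch below treats an unescaped "+" as a separator too; the function name `escape_value_equals` and all sample DNs except the first are constructed, and it assumes values use backslash escapes rather than the quoted-string form.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape "=" that appears inside an attribute value. Both "," (RDN
# separator) and "+" (separator inside a multi-valued RDN) start a new
# attribute name, so the "=" that follows them is left alone.
sub escape_value_equals {
    my ($dn) = @_;
    my $out      = '';
    my $in_value = 0;                  # 0 = reading a name, 1 = reading a value
    my @chars    = split //, $dn;
    for (my $i = 0; $i < @chars; $i++) {
        my $c = $chars[$i];
        if ($c eq '\\') {
            # Copy an existing escape pair unchanged so it is never re-escaped.
            $out .= $c;
            $out .= $chars[++$i] if $i + 1 < @chars;
        } elsif ($c eq '=') {
            # First "=" of an attribute ends the name; later ones are data.
            $out .= $in_value ? '\\=' : '=';
            $in_value = 1;
        } elsif ($c eq ',' || $c eq '+') {
            $in_value = 0;
            $out .= $c;
        } else {
            $out .= $c;
        }
    }
    return $out;
}

# Constructed test cases (input => expected); the first DN is from the message.
my %cases = (
    'unstructuredName=pix-emt2.domain.tld+CN=pix-emt2.domain.tld'
        => 'unstructuredName=pix-emt2.domain.tld+CN=pix-emt2.domain.tld',
    'CN=a=b,O=Example'     => 'CN=a\\=b,O=Example',      # "=" in value is escaped
    'CN=a\\=b,O=Example'   => 'CN=a\\=b,O=Example',      # already escaped: unchanged
    'CN=x\\+y=z,O=Example' => 'CN=x\\+y\\=z,O=Example',  # escaped "+" is not a separator
);
for my $dn (sort keys %cases) {
    my $got = escape_value_equals($dn);
    die "mismatch for $dn: $got\n" unless $got eq $cases{$dn};
    print "$dn -> $got\n";
}
```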