Ives Steglich wrote:
the fixing code for "=" for openssl is wrong ;o)

example - one DN may look like this:
DN: unstructuredName=pix-emt2.domain.tld+CN=pix-emt2.domain.tld

then the code at around line 550 will transform this to:
unstructuredName=pix-emt2.domain.tld+CN\=pix-emt2.domain.tld

I didn't expect multivalued RDNs.


which is just not right in this case - this second "=" has to be still
unescaped...

Correct.


        ## OpenSSL includes a bug in -nameopt RFC2253
        ## = signs are not escaped if they are normal values
        my $i = 0;
        my $now = "name";
        while ($i < length ($fixed_dn))
        {
                if (substr ($fixed_dn, $i, 1) =~ /\\/)
                {
                        $i++;
                } elsif (substr ($fixed_dn, $i, 1) =~ /=/) {
                        if ($now =~ /value/)
                        {
                                ## OpenSSL forgets to escape =
                                $fixed_dn = substr ($fixed_dn, 0, $i)."\\".substr ($fixed_dn, $i);
                                $i++;
                        } else {
                                $now = "value";
                        }
                } elsif (substr ($fixed_dn, $i, 1) =~ /,/) {

Here we can start the "fix". The plus sign "+" has the same meaning for the fixing code as a comma ",". The correct line looks like this:


                } elsif (substr ($fixed_dn, $i, 1) =~ /[,+]/) {

                        $now = "name";
                }
                $i++;
        }

print "fixed_dn: ".$fixed_dn."<br>\n" if ($self->{DEBUG});

Can you test the fix with your DNs please?


Best regards

Michael

P.S. does somebody know why I used regular expressions and not simply "eq"?
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org



_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
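
The state machine discussed in this thread, as an added stand-alone example (not OpenCA's own code): it compares the comma-only separator set with the comma-plus-"+" set on the DN from the thread and on two constructed DNs, and uses `eq`/`index` instead of regular expressions. The function name `escape_value_equals` is hypothetical, and the code assumes that a literal "+" or "," inside a value arrives already backslash-escaped.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape "=" inside attribute values of an RFC 2253 style DN string.
# $separators lists the characters that end a value: "," reproduces the
# original behaviour, ",+" also treats "+" (multivalued RDN) as a separator.
sub escape_value_equals {
    my ($dn, $separators) = @_;
    my $out      = "";
    my $in_value = 0;
    my $i        = 0;
    while ($i < length $dn) {
        my $c = substr($dn, $i, 1);
        if ($c eq "\\") {
            # copy the backslash and the escaped character untouched
            $out .= substr($dn, $i, 2);
            $i += 2;
            next;
        }
        if ($c eq "=") {
            if ($in_value) { $out .= "\\"; }   # "=" inside a value
            else           { $in_value = 1; }  # first "=" ends the name
        } elsif (index($separators, $c) >= 0) {
            $in_value = 0;                     # next attribute type starts
        }
        $out .= $c;
        $i++;
    }
    return $out;
}

# Constructed sample DNs (the first is the one quoted in the thread).
my @samples = (
    'unstructuredName=pix-emt2.domain.tld+CN=pix-emt2.domain.tld',
    'CN=a=b,O=Example',
    'CN=a\\+b=c+OU=x=y,O=Example',
);

for my $dn (@samples) {
    printf "in:          %s\n", $dn;
    printf "comma only:  %s\n", escape_value_equals($dn, ",");
    printf "comma+plus:  %s\n\n", escape_value_equals($dn, ",+");
}
```

With the comma-only set the first sample comes back with `CN\=`, the corruption reported above; with ",+" it is returned unchanged, while the escaped `\+` in the third sample does not end the value.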
