Hi, On Mon, Nov 13, 2017 at 01:16:46PM +0100, David Sommerseth wrote: > But we should consider if we want to make use of a JSON library > producing the JSON streams. The reason is to ensure the output is > according to the specification and that escaping if contents is > consistent and proper. Imagine if someone puts a double-quote into the > CN field of a certificate? > > CN="} Lets explode things, O=Hacktivist0 > > Or other characters which needs escaping.
I'm not convinced we want to import a new library dependency and a heap of #ifdef for this. Escaping on *output* is pretty trivial ("characters from <this set> need to be encoded <like this>") - and as long as we do not need to parse *incoming* JSON, a full-blown new library is mainly adding complications (like, configure flags, #ifdefs, library version dependencies, ...). But you knew that this response would be coming :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel