Hi, On Tue, Nov 14, 2017 at 3:31 AM, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > On Mon, Nov 13, 2017 at 01:16:46PM +0100, David Sommerseth wrote: >> But we should consider if we want to make use of a JSON library >> producing the JSON streams. The reason is to ensure the output is >> according to the specification and that escaping if contents is >> consistent and proper. Imagine if someone puts a double-quote into the >> CN field of a certificate? >> >> CN="} Lets explode things, O=Hacktivist0 >> >> Or other characters which needs escaping. > > I'm not convinced we want to import a new library dependency and a heap > of #ifdef for this. > > Escaping on *output* is pretty trivial ("characters from <this set> > need to be encoded <like this>") - and as long as we do not need to parse > *incoming* JSON, a full-blown new library is mainly adding complications > (like, configure flags, #ifdefs, library version dependencies, ...).
+1 Best regards, Jon Bullard ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel