On 14/11/17 09:31, Gert Doering wrote:
On Mon, Nov 13, 2017 at 01:16:46PM +0100, David Sommerseth wrote:
But we should consider if we want to make use of a JSON library
producing the JSON streams. The reason is to ensure the output is
according to the specification and that escaping if contents is
consistent and proper. Imagine if someone puts a double-quote into the
CN field of a certificate?
CN="} Lets explode things, O=Hacktivist0
Or other characters which needs escaping.
I'm not convinced we want to import a new library dependency and a heap
of #ifdef for this.
Escaping on *output* is pretty trivial ("characters from <this set>
need to be encoded <like this>") - and as long as we do not need to parse
*incoming* JSON, a full-blown new library is mainly adding complications
(like, configure flags, #ifdefs, library version dependencies, ...).
But you knew that this response would be coming :-)
+1
JJK
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
