On Tue, Nov 14, 2017 at 7:17 AM, Jan Just Keijser <janj...@nikhef.nl> wrote:
> On 14/11/17 09:31, Gert Doering wrote:
>
>> On Mon, Nov 13, 2017 at 01:16:46PM +0100, David Sommerseth wrote:
>>
>>> But we should consider if we want to make use of a JSON library
>>> producing the JSON streams. The reason is to ensure the output is
>>> according to the specification and that escaping if contents is
>>> consistent and proper. Imagine if someone puts a double-quote into the
>>> CN field of a certificate?
>>>
>>> CN="} Lets explode things, O=Hacktivist0
>>>
>>> Or other characters which needs escaping.
>>>
>> I'm not convinced we want to import a new library dependency and a heap
>> of #ifdef for this.
>>
>> Escaping on *output* is pretty trivial ("characters from <this set>
>> need to be encoded <like this>") - and as long as we do not need to parse
>> *incoming* JSON, a full-blown new library is mainly adding complications
>> (like, configure flags, #ifdefs, library version dependencies, ...).
>>
>> But you knew that this response would be coming :-)
>>
>>
>> +1
Piling on... with another +1 :)
I would even say that if an external library is required reconsider whether
we really
need JSON output.
Selva
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
