Re: SSLRequire UTF-8 characters backward compatibility

2011-01-03 Thread Kaspar Brand
On 02.01.2011 01:04, Stefan Fritsch wrote: This will still treat non character string types (such as OCTET STRING) incorrectly, but I think we can ignore that problem. Or do you think we should add ASN1_STRFLGS_DUMP_UNKNOWN | ASN1_STRFLGS_DUMP_DER, too? I wouldn't recommend to add these,

Re: SSLRequire UTF-8 characters backward compatibility

2011-01-03 Thread Stefan Fritsch
On Sunday 02 January 2011, Dr Stephen Henson wrote: On 02/01/2011 18:42, Stefan Fritsch wrote: On Sunday 02 January 2011, Dr Stephen Henson wrote: There is a bug in OpenSSL currently for those options: it doesn't escape the escape character itself (which it should treat as a special case

Re: SSLRequire UTF-8 characters backward compatibility

2011-01-03 Thread William A. Rowe Jr.
On 1/3/2011 3:06 PM, Stefan Fritsch wrote: The single octet 0xFF should be converted to some UTF8 character according to the string type it occurs in, shouldn't it? Since we are only escaping control characters I expect that only the codes in the range \00 to \1F can appear in \xx form.

Re: SSLRequire UTF-8 characters backward compatibility

2011-01-03 Thread Kaspar Brand
On 03.01.2011 22:06, Stefan Fritsch wrote: On Sunday 02 January 2011, Dr Stephen Henson wrote: I'm thinking here how that might be abused. In the current broken OpenSSL code it doesn't escape a backslash with those options. So the following look identical when printed: 1. The single octet

Re: SSLRequire UTF-8 characters backward compatibility

2011-01-02 Thread Dr Stephen Henson
On 31/12/2010 07:52, Kaspar Brand wrote: On 30.12.2010 13:43, Stefan Fritsch wrote: The latter. I suggest using ASN1_STRING_print_ex() with ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB (will escape them as \0). OK, makes sense. ASN1_STRING_print_ex escapes a whole lot of other stuff, too.

Re: SSLRequire UTF-8 characters backward compatibility

2011-01-02 Thread Stefan Fritsch
On Sunday 02 January 2011, Dr Stephen Henson wrote: On 31/12/2010 07:52, Kaspar Brand wrote: On 30.12.2010 13:43, Stefan Fritsch wrote: The latter. I suggest using ASN1_STRING_print_ex() with ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB (will escape them as \0). OK, makes sense.

Re: SSLRequire UTF-8 characters backward compatibility

2011-01-02 Thread Dr Stephen Henson
On 02/01/2011 18:42, Stefan Fritsch wrote: On Sunday 02 January 2011, Dr Stephen Henson wrote: There is a bug in OpenSSL currently for those options: it doesn't escape the escape character itself (which it should treat as a special case and always escape it if any other escaping is in use).

Re: SSLRequire UTF-8 characters backward compatibility

2011-01-01 Thread Stefan Fritsch
On Friday 31 December 2010, Kaspar Brand wrote: On 30.12.2010 13:43, Stefan Fritsch wrote: The latter. I suggest using ASN1_STRING_print_ex() with ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB (will escape them as \0). OK, makes sense. ASN1_STRING_print_ex escapes a whole lot of

Re: SSLRequire UTF-8 characters backward compatibility

2010-12-30 Thread Stefan Fritsch
On Monday 20 December 2010, Stefan Fritsch wrote: Can we reject such certificates somehow? Should we close the connection if we see such a thing in ssl_var_lookup_ssl_cert? Or should we try to escape the 0-byte in the variable? The latter. I suggest using

Re: SSLRequire UTF-8 characters backward compatibility

2010-12-30 Thread Kaspar Brand
On 30.12.2010 13:43, Stefan Fritsch wrote: The latter. I suggest using ASN1_STRING_print_ex() with ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB (will escape them as \0). OK, makes sense. ASN1_STRING_print_ex escapes a whole lot of other stuff, too. So this change would also introduce an