CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2025/12/21 00:14:47
Modified files:
usr.bin/openssl: ca.c
Log message:
Reimplement ASN1_PRINTABLE_type() dance in ca.c
In ca.c, there is some minimal validation of strings in the subject of
a certificate. ASN1_PRINTABLE_type() is silly API that only exists for
this one call. I want to remove a_print.c in the next major bump.
ASN1_PRINTABLE_type() returns V_ASN1_PRINTABLESTRING if all characters
belong to the specific subset of ASCII listed in X.680, 41.4, Table 10.
Otherwise it returns V_ASN1_T61STRING or V_ASN1_IA5STRING depending on
whether there is a character with the high bit set or not.
With this in mind, the logic in ca.c comes down to this: blindly allow
UTF-8, BMP and T61 strings. All other strings get rejected if the high
bit of some character is set, or if the string is printable and there
is a non-printable character.
ok jsing kenjiro
