From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Sat, 19 Jul 2008 00:29:31 +0000 (+0000)
Subject: Replace leading dash ('-') characters in an X509 name with underbars ('_')
X-Git-Tag: v2.1_rc9~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7621883663b7948faccc610e12e017cd8f0b16df;p=thirdparty%2Fopenvpn.git

Replace leading dash ('-') characters in an X509 name with underbars ('_')
before calling user-defined scripts, to preclude the chance of a leading
dash being interpreted as an option prefix.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083 e7ae566f-a301-0410-adde-c780ea21d3b5
---

diff --git a/buffer.c b/buffer.c
index 8febc911b..c90ff9f50 100644
--- a/buffer.c
+++ b/buffer.c
@@ -804,6 +804,20 @@ string_mod_const (const char *str,
     return NULL;
 }
 
+void
+string_replace_leading (char *str, const char match, const char replace)
+{
+  ASSERT (match != '\0');
+  while (*str)
+    {
+      if (*str == match)
+	*str = replace;
+      else
+	break;
+      ++str;
+    }
+}
+
 #ifdef CHARACTER_CLASS_DEBUG
 
 #define CC_INCLUDE    (CC_PRINT)
diff --git a/buffer.h b/buffer.h
index d8ef00ffb..888886915 100644
--- a/buffer.h
+++ b/buffer.h
@@ -615,6 +615,8 @@ const char *string_mod_const (const char *str,
 			      const char replace,
 			      struct gc_arena *gc);
 
+void string_replace_leading (char *str, const char match, const char replace);
+
 #ifdef CHARACTER_CLASS_DEBUG
 void character_class_debug (void);
 #endif
diff --git a/ssl.c b/ssl.c
index bbb998bbb..9f7aa9d20 100644
--- a/ssl.c
+++ b/ssl.c
@@ -554,6 +554,9 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 
   /* enforce character class restrictions in X509 name */
   string_mod (subject, X509_NAME_CHAR_CLASS, 0, '_');
+  string_replace_leading (subject, '-', '_');
+
+  msg (M_INFO, "X509: '%s'", subject); // JYFIXME
 
   /* extract the common name */
 #ifdef USE_OLD_EXTRACT_X509_FIELD