From: Tobias Brunner
Date: Mon, 5 May 2014 11:55:15 +0000 (+0200)
Subject: identification: Only use either , or / to separate RDNs
X-Git-Tag: 5.2.0rc1~44
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aba55fdffe5a119b3d04be7d3ced8c2c38d1ec4a;p=thirdparty%2Fstrongswan.git

identification: Only use either , or / to separate RDNs

If a DN starts with a slash (or whitespace and a slash) slashes will be used, otherwise commas.
---
diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c
index edf53f0fdb..5de7857102 100644
--- a/src/libstrongswan/tests/suites/test_identification.c
+++ b/src/libstrongswan/tests/suites/test_identification.c
@@ -376,14 +376,14 @@ START_TEST(test_equals)
 "C=CH, E=moon@strongswan.org, CN=moon");
 ck_assert(id_equals(a, "C=CH, E=moon@strongswan.org, CN=moon"));
- ck_assert(id_equals(a, "C==CH, E==moon@strongswan.org,,, CN==moon"));
+ ck_assert(id_equals(a, "C==CH , E==moon@strongswan.org , CN==moon"));
 ck_assert(id_equals(a, " C=CH, E=moon@strongswan.org, CN=moon "));
 ck_assert(id_equals(a, "C=ch, E=moon@STRONGSWAN.ORG, CN=Moon"));
 ck_assert(id_equals(a, "/C=CH/E=moon@strongswan.org/CN=moon"));
- ck_assert(id_equals(a, "C=CH/E=moon@strongswan.org/CN=moon"));
- ck_assert(id_equals(a, "C=CH/E=moon@strongswan.org,CN=moon"));
- ck_assert(id_equals(a, "C=CH / E=moon@strongswan.org , CN=moon"));
+ ck_assert(id_equals(a, " / C=CH / E=moon@strongswan.org / CN=moon"));
+ ck_assert(!id_equals(a, "C=CH/E=moon@strongswan.org/CN=moon"));
+ ck_assert(!id_equals(a, "C=CH/E=moon@strongswan.org,CN=moon"));
 ck_assert(!id_equals(a, "C=CH E=moon@strongswan.org CN=moon"));
 ck_assert(!id_equals(a, "C=CN, E=moon@strongswan.org, CN=moon"));
 ck_assert(!id_equals(a, "E=moon@strongswan.org, C=CH, CN=moon"));
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index b8199c8854..46ac7e890e 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -394,14 +394,24 @@ static status_t atodn(char *src, chunk_t *dn)
 asn1_t rdn_type;
 state_t state = SEARCH_OID;
 status_t status = SUCCESS;
+ char sep = '\0';
 do
 {
 switch (state)
 {
 case SEARCH_OID:
- if (*src != ' ' && *src != '/' && *src != ',' && *src != '\0')
+ if (!sep && *src == '/')
+ { /* use / as separator if the string starts with a slash */
+ sep = '/';
+ break;
+ }
+ if (*src != ' ' && *src != '\0')
 {
+ if (!sep)
+ { /* use , as separator by default */
+ sep = ',';
+ }
 oid.ptr = src;
 oid.len = 1;
 state = READ_OID;
@@ -441,7 +451,7 @@ static status_t atodn(char *src, chunk_t *dn)
 {
 break;
 }
- else if (*src != ',' && *src != '/' && *src != '\0')
+ else if (*src != sep && *src != '\0')
 {
 name.ptr = src;
 name.len = 1;
@@ -454,7 +464,7 @@ static status_t atodn(char *src, chunk_t *dn)
 state = READ_NAME;
 /* fall-through */
 case READ_NAME:
- if (*src != ',' && *src != '/' && *src != '\0')
+ if (*src != sep && *src != '\0')
 {
 name.len++;
 if (*src == ' ')
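Review bot: The new `sep` variable in atodn() fixes the RDN separator from the first non-space character, but nothing in the hunk documents that the other character then becomes ordinary value data; the same substitution is made in the two later hunks at `-441` and `-454`. With `sep == ','` the READ_NAME branch no longer stops at `/`, so an identity written as `C=CH/E=moon@strongswan.org/CN=moon` appears to parse as a single C RDN whose value contains the slashes rather than being rejected, and an existing configuration in that form would stop matching its certificate subject without a parse error. I would state the rule at the declaration, e.g. `char sep = '\0'; /* RDN separator: '/' if the DN starts with one, else ','; the other character stays part of the value */`, and repeat it in the function's header comment. The updated test only asserts `!id_equals` for the mixed forms, so an assertion on the resulting DN would pin whether those strings parse or fail. atodn's body begins and ends outside these hunks.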