From b6d84ebc6fa0b6e9ecd2d753d3b2d46937486153 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <postfix-users@dukhovni.org>
Date: Thu, 19 Jun 2014 10:58:14 -0400
Subject: [PATCH] Sanitize non-printables in X509_NAME_oneline output

---
 postfix/src/tls/tls_server.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c
index 0beb74598..0e3104624 100644
--- a/postfix/src/tls/tls_server.c
+++ b/postfix/src/tls/tls_server.c
@@ -865,10 +865,10 @@ TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *TLScontext)
 	if (TLScontext->log_mask & TLS_LOG_VERBOSE) {
 	    X509_NAME_oneline(X509_get_subject_name(peer),
 			      buf, sizeof(buf));
-	    msg_info("subject=%s", buf);
+	    msg_info("subject=%s", printable(buf, '?'));
 	    X509_NAME_oneline(X509_get_issuer_name(peer),
 			      buf, sizeof(buf));
-	    msg_info("issuer=%s", buf);
+	    msg_info("issuer=%s", printable(buf, '?'));
 	}
 	TLScontext->peer_CN = tls_peer_CN(peer, TLScontext);
 	TLScontext->issuer_CN = tls_issuer_CN(peer, TLScontext);
-- 
2.47.3