Quantcast

Escaped Issuer/Subject

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Escaped Issuer/Subject

c.holper@ades.at
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Escaped Issuer/Subject

OpenSSL - User mailing list
> I thought about escaping regarding DN itself (LDAP DN).

Look up the -nameopt flag in, say, x509.pod  Then if you need C code, trace through what apps/x509.c does.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Escaped Issuer/Subject

Michael Wojcik
In reply to this post by c.holper@ades.at
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of [hidden email]
> Sent: Wednesday, April 12, 2017 00:47
>
> I thought about escaping regarding DN itself (LDAP DN).

It's an X.400 DN. LDAP is a protocol and an API; there's no necessary relationship between X.509 certificates and LDAP.

More importantly, escaping is an aspect of interpretation, not source. If you need an X.400 DN escaped in, say, an LDAP context such as a value in a search filter, that's a requirement of LDAP, and the transformation is determined by LDAP. It is not a property of the "DN itself". Escaping a DN for a particular context is no different from escaping any other string for that context.

Your conceptual model is wrong, and that is a Bad Thing, particularly with escaping. Having the wrong conceptual model when escaping data leads to difficult-to-find errors and security vulnerabilities.

Rich has mentioned -nameopt and its implementing code, which may serve as a guide. But they're unlikely to precisely meet your requirements, whatever they actually are.

Michael Wojcik
Distinguished Engineer, Micro Focus


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...