authorjim-p <jimp@pfsense.org>2017-05-11 16:38:53 -0400
committerjim-p <jimp@pfsense.org>2017-05-11 16:38:53 -0400
commit83d2b83af9953ecbcc5917d935f077e7dabe8e10 (patch)
tree54cfc0103463e2b99ad785e56316216ba0ce686c /src/etc/inc/certs.inc
parentd777679c95532ec66994e074b62dd4ea34dff150 (diff)
Allow a wider range of characters to be used in certificate fields, as laid out by RFC 4514. Fixes #7540
Diffstat (limited to 'src/etc/inc/certs.inc')
-rw-r--r--src/etc/inc/certs.inc16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc
index cb3d1b1..b30a607 100644
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -995,4 +995,20 @@ function cert_get_cn($crt, $isref = false) {
return "";
}
+function cert_escape_x509_chars($str, $reverse = false) {
+ /* Characters which need escaped when present in x.509 fields.
+ * See https://www.ietf.org/rfc/rfc4514.txt
+ *
+ * The backslash (\) must be listed first in these arrays!
+ */
+ $cert_directory_string_special_chars = array('\\', '"', '#', '+', ',', ';', '<', '=', '>');
+ $cert_directory_string_special_chars_esc = array('\\\\', '\"', '\#', '\+', '\,', '\;', '\<', '\=', '\>');
+ if ($reverse) {
+ return str_replace($cert_directory_string_special_chars_esc, $cert_directory_string_special_chars, $str);
+ } else {
+ /* First unescape and then escape again, to prevent possible double escaping. */
+ return str_replace($cert_directory_string_special_chars, $cert_directory_string_special_chars_esc, cert_escape_x509_chars($str, true));
+ }
+}
+
?>
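Review bot: The forward branch of `cert_escape_x509_chars` unescapes its input before escaping it, so it cannot tell a raw value from an already-escaped one: a field typed as `a\,b` and one typed as `a,b` both come out as `a\,b`, and a literal backslash in front of any listed character is silently dropped. For certificate subject fields this means the stored value can differ from what the operator entered. If callers can know whether a value is already escaped, escape exactly once with `return str_replace($cert_directory_string_special_chars, $cert_directory_string_special_chars_esc, $str);` and keep the `$reverse` call on the display side; otherwise the comment above the arrays should state this limitation. RFC 4514 also requires escaping a leading space, a trailing space and NUL, which these arrays do not cover.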