On 02/01/2011 18:42, Stefan Fritsch wrote: > On Sunday 02 January 2011, Dr Stephen Henson wrote: > >> There is a bug in OpenSSL currently for those options: it doesn't >> escape the escape character itself (which it should treat as a >> special case and always escape it if any other escaping is in >> use). That means some representations are ambiguous with those >> options. >> >> When that is fixed even 7 bit without control characters will have >> at least one difference: the backslash will always appear escaped >> as "\\". > > I guess backslashes are very seldomly used in certificates. Therefore, > I would just document that change for now and only add a backward > compatibility option if the change turns out to be a problem for > users. >
I'm thinking here how that might be abused. In the current broken OpenSSL code it doesn't escape a backslash with those options. So the following look identical when printed: 1. The single octet 0xFF. 2. The three character string "\FF". Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org