Hi, On Mon, Nov 13, 2017 at 01:16:46PM +0100, David Sommerseth wrote: > But we should consider if we want to make use of a JSON library > producing the JSON streams. The reason is to ensure the output is > according to the specification and that escaping if contents is > consistent and proper. Imagine if someone puts a double-quote into the > CN field of a certificate? > > CN="} Lets explode things, O=Hacktivist0 > > Or other characters which needs escaping.
I'm not convinced we want to import a new library dependency and a heap
of #ifdef for this.
Escaping on *output* is pretty trivial ("characters from <this set>
need to be encoded <like this>") - and as long as we do not need to parse
*incoming* JSON, a full-blown new library is mainly adding complications
(like, configure flags, #ifdefs, library version dependencies, ...).
But you knew that this response would be coming :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
