Re: [openssl-users] Escaped Issuer/Subject
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of c.hol...@ades.at > Sent: Wednesday, April 12, 2017 00:47 > > I thought about escaping regarding DN itself (LDAP DN). It's an X.400 DN. LDAP is a protocol and an API; there's no necessary relationship between X.509 certificates and LDAP. More importantly, escaping is an aspect of interpretation, not source. If you need an X.400 DN escaped in, say, an LDAP context such as a value in a search filter, that's a requirement of LDAP, and the transformation is determined by LDAP. It is not a property of the "DN itself". Escaping a DN for a particular context is no different from escaping any other string for that context. Your conceptual model is wrong, and that is a Bad Thing, particularly with escaping. Having the wrong conceptual model when escaping data leads to difficult-to-find errors and security vulnerabilities. Rich has mentioned -nameopt and its implementing code, which may serve as a guide. But they're unlikely to precisely meet your requirements, whatever they actually are. Michael Wojcik Distinguished Engineer, Micro Focus -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Escaped Issuer/Subject
> I thought about escaping regarding DN itself (LDAP DN). Look up the -nameopt flag in, say, x509.pod Then if you need C code, trace through what apps/x509.c does. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Escaped Issuer/Subject
I thought about escaping regarding DN itself (LDAP DN). https://www.ietf.org/rfc/rfc4514.txt https://www.ibm.com/support/knowledgecenter/en/ssw_i5_54/rzahy/rzahyunderdn.htm https://msdn.microsoft.com/en-us/library/aa366101%28v=vs.85%29.aspx Best regards -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Escaped Issuer/Subject
On 11-04-17 10:56, c.hol...@ades.at wrote: > Hi! > > Is it possible to get the distinguished name of issuer or subject in a > escaped form out of the box? Escaped for what? XML? SQL? HTML? Shell scripts? Maybe something else? "Escaped form" isn't something that exists as a generic term. If you want a string escaped, you're going to have to use some string escape function of whatever it is you're trying to escape for; e.g., the database or XML library you're using (you *are* using a library to generate a structured format, are you?). Otherwise you're going down the PHP "addslashes" pitfall, which won't help you nor anyone else. Regards, -- Wouter Verhelst -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Escaped Issuer/Subject
Hi! Is it possible to get the distinguished name of issuer or subject in a escaped form out of the box? e.g. C=US, O=test, Inc., OU=department=1, CN=tester " C=US, O=test\, Inc., OU=department\=1, CN=tester \" cheers, chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users