CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2025/01/26 13:18:26
Modified files:
lib/libcrypto/asn1: t_x509.c
Log message:
Rework X509_NAME_print()
This is legacy API that we can unexport since nothing uses it directly.
Unfortunately we need to keep the functions because there are plenty of
things that use it indirectly by passing XN_FLAG_COMPAT to X509_print_ex().
The old implementation parsed the X509_NAME_oneline() output in order to
remove the / preceding the (one or two-uppercase letters) name and to
insert ", " afterward. This is just stupid in so many ways, not least
because there's basically no limit to the garbage that you can stuff into
an X.500 name.
So rework this and only include the name entries whose short names are
one or two letters long. This way, this becomes slightly saner and less
fragile.
ok jsing
