Here's a diff to clean up the XXX that I added in my previous commit.
If the SAN isn't listed in the config file, it could be anything, so
let's print it with strvisx(). If the SAN is listed but duplicate, this
feels like overkill, so let's not bother.

Index: revokeproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/revokeproc.c,v
retrieving revision 1.24
diff -u -p -r1.24 revokeproc.c
--- revokeproc.c        17 Dec 2022 13:53:38 -0000      1.24
+++ revokeproc.c        17 Dec 2022 21:12:53 -0000
@@ -23,6 +23,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <vis.h>
 
 #include <openssl/pem.h>
 #include <openssl/x509.h>
@@ -177,9 +178,17 @@ revokeproc(int fd, const char *certfile,
                }
                if (j == altsz) {
                        if (revocate) {
-                               /* XXX strnvis? */
-                               warnx("%s: unexpected SAN entry: %.*s",
-                                   certfile, name_len, name_buf);
+                               char *visbuf;
+
+                               visbuf = calloc(4, name_len + 1);
+                               if (visbuf == NULL) {
+                                       warn("%s: unexpected SAN", certfile);
+                                       goto out;
+                               }
+                               strvisx(visbuf, name_buf, name_len, VIS_SAFE);
+                               warnx("%s: unexpected SAN entry: %s",
+                                   certfile, visbuf);
+                               free(visbuf);
                                goto out;
                        }
                        force = 2;
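Review bot: `VIS_SAFE` in the new `strvisx()` call still passes newline, carriage return, backspace and bell through unencoded (per vis(3)), so a SAN taken from the certificate can still split or overwrite the warning line on a terminal or in a log. Since the string is only displayed, encode those as well, for example `strvisx(visbuf, name_buf, name_len, VIS_NL | VIS_TAB);`, optionally with `VIS_CSTYLE` for readability. The allocation is large enough for the worst case of four output bytes per input byte plus the NUL, but `calloc(4, name_len + 1)` assumes `name_len` is non-negative. Its declaration and assignment are outside this hunk, so confirm that, or add a short comment such as `/* strvisx() needs up to 4 bytes per input byte plus NUL */` next to the sizing.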
@@ -187,7 +196,6 @@ revokeproc(int fd, const char *certfile,
                }
                if (found[j]++) {
                        if (revocate) {
-                               /* XXX strnvis? */
                                warnx("%s: duplicate SAN entry: %.*s",
                                    certfile, name_len, name_buf);
                                goto out;
