Modify openssl to allow all characters except # in distinguished names.

git-svn-id: svn://svn.alpinelinux.org/acf/openssl/trunk@1305 ab2d0c66-481e-0410-8bed-d214d4d58bed
author: Ted Trask <ttrask01@yahoo.com> 2008-07-15 18:21:53 +0000
committer: Ted Trask <ttrask01@yahoo.com> 2008-07-15 18:21:53 +0000
commit: ebe93b2671c8c7915b128b967edece12961fe9c4 (patch)
tree: a56ee3d31c4d791ab1d3f4268c251736cf307c17
parent: 8672de2f74059934cd29376dcae985966e244396 (diff)
download: acf-openssl-ebe93b2671c8c7915b128b967edece12961fe9c4.tar.bz2
acf-openssl-ebe93b2671c8c7915b128b967edece12961fe9c4.tar.xz
2 files changed, 8 insertions, 6 deletions
diff --git a/openssl-ca-acf.cnf b/openssl-ca-acf.cnf
index fd48c49..73db0c6 100644
--- a/openssl-ca-acf.cnf
+++ b/openssl-ca-acf.cnf
@@ -150,7 +150,7 @@ authorityKeyIdentifier		= keyid,issuer:always
 basicConstraints		= CA:FALSE
 subjectKeyIdentifier		= hash
 authorityKeyIdentifier		= keyid,issuer:always
-policy				= policy_acf_ca
+policy				= policy_acf_cert
 
 
 [ ssl_server_cert ]
@@ -182,7 +182,7 @@ keyUsage			= cRLSign, keyCertSign
 extendedKeyUsage		= 
 subjectKeyIdentifier		= hash
 authorityKeyIdentifier		= keyid,issuer:always
-policy				= policy_acf_cert
+policy				= policy_acf_ca
 
 [ crl_ext ]
 authorityKeyIdentifier		= keyid,issuer:always
diff --git a/openssl-model.lua b/openssl-model.lua
index 6a17a0c..bcaf477 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -53,8 +53,8 @@ local validate_distinguished_names = function(values)
 	local success = true
 
 	for name,value in pairs(values.value) do
-		if string.find(value.value, "[,/'=]") then
-			value.errtxt = "Value cannot contain =/,'"
+		if string.find(value.value, "[#]") then
+			value.errtxt = "Value cannot contain #"
 			success = false
 		end
 
@@ -102,14 +102,16 @@ local create_subject_string = function(values, ignorevalues)
 		reverseshorts[short] = name
 	end
 	for name,value in pairs(values.value) do
-		name = name:gsub(".*%.", "")
+		name = name:gsub(".*%.", "")	-- remove the "0." from the front
+		value.value = value.value:gsub("[/=]", "\%1")	-- escape characters
 		if (short_names[name] or reverseshorts[name]) and value.value and value.value ~= "" then
 			name = short_names[name] or name
 			outstr[#outstr + 1] = name .. "=" .. value.value
 		end
 	end
 	for name,value in pairs(values.value) do
-		name = name:gsub(".*%.", "")
+		name = name:gsub(".*%.", "")	-- remove the "0." from the front
+		value.value = value.value:gsub("[/=]", "\%1")	-- escape characters
 		if not reverseignore[name] and not short_names[name] and not reverseshorts[name] and value.value and value.value ~= "" then
 			outstr[#outstr + 1] = name .. "=" .. value.value
 		end
author	Ted Trask <ttrask01@yahoo.com>	2008-07-15 18:21:53 +0000
committer	Ted Trask <ttrask01@yahoo.com>	2008-07-15 18:21:53 +0000
commit	ebe93b2671c8c7915b128b967edece12961fe9c4 (patch)
tree	a56ee3d31c4d791ab1d3f4268c251736cf307c17
parent	8672de2f74059934cd29376dcae985966e244396 (diff)
download	acf-openssl-ebe93b2671c8c7915b128b967edece12961fe9c4.tar.bz2 acf-openssl-ebe93b2671c8c7915b128b967edece12961fe9c4.tar.xz