Mailing List Archive

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=583




--- Comment #2 from Magnus Holmgren <holmgren@lysator.liu.se> 2007-08-18 23:53:39 ---
Your Exim is linked with GnuTLS, right? AFAICT, X509_NAME_oneline() (used in
tls-openssl.c) escapes control characters as \xHH (which is nonstandard by
the way; the documentation recommends using X509_NAME_print_ex() instead),
while gnutls_x509_crt_get_dn() (used in tls-gnu.c) only escapes certain
special characters that have to be escaped according to RFC 2253.

Is it a problem that tls_peerdn can contain control characters? Otherwise I
suggest using string_printing() to escape them when logging. Applying
string_printing() to the DN before storing it in tls_peerdn seems incorrect,
but then again the result of X509_NAME_oneline() is also incorrect and GnuTLS
doesn't seem to have any function that escapes control characters (as \HH,
where the Ds are hexadecimal digits, according to RFC 2253).


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=583

Philip Hazel <ph10@hermes.cam.ac.uk> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED




--- Comment #3 from Philip Hazel <ph10@hermes.cam.ac.uk> 2007-08-22 15:21:04 ---
I have used string_printing() for all the cases where DN= is logged. The patch
is committed.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##