From 7621883663b7948faccc610e12e017cd8f0b16df Mon Sep 17 00:00:00 2001
From: james
Date: Sat, 19 Jul 2008 00:29:31 +0000
Subject: Replace leading dash ('-') characters in an X509 name with underbars ('_') before calling user-defined scripts, to preclude the chance of a leading dash being interpreted as an option prefix.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3083 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 buffer.c | 14 ++++++++++++++
 buffer.h | 2 ++
 ssl.c | 3 +++
 3 files changed, 19 insertions(+)
diff --git a/buffer.c b/buffer.c
index 8febc91..c90ff9f 100644
--- a/buffer.c
+++ b/buffer.c
@@ -804,6 +804,20 @@ string_mod_const (const char *str,
 return NULL;
 }
+void
+string_replace_leading (char *str, const char match, const char replace)
+{
+ ASSERT (match != '\0');
+ while (*str)
+ {
+ if (*str == match)
+ *str = replace;
+ else
+ break;
+ ++str;
+ }
+}
+
 #ifdef CHARACTER_CLASS_DEBUG
 #define CC_INCLUDE (CC_PRINT)
diff --git a/buffer.h b/buffer.h
index d8ef00f..8888869 100644
--- a/buffer.h
+++ b/buffer.h
@@ -615,6 +615,8 @@ const char *string_mod_const (const char *str,
 const char replace,
 struct gc_arena *gc);
+void string_replace_leading (char *str, const char match, const char replace);
+
 #ifdef CHARACTER_CLASS_DEBUG
 void character_class_debug (void);
 #endif
diff --git a/ssl.c b/ssl.c
index bbb998b..9f7aa9d 100644
--- a/ssl.c
+++ b/ssl.c
@@ -554,6 +554,9 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 /* enforce character class restrictions in X509 name */
 string_mod (subject, X509_NAME_CHAR_CLASS, 0, '_');
+ string_replace_leading (subject, '-', '_');
+
+ msg (M_INFO, "X509: '%s'", subject); // JYFIXME
 /* extract the common name */
 #ifdef USE_OLD_EXTRACT_X509_FIELD
-- cgit
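Review bot: In buffer.c, string_replace_leading has no comment stating its contract, and its only guard is `ASSERT (match != '\0')`; nothing constrains `replace`, so a caller passing `'\0'` would silently truncate the string to empty at the first leading match. I would add a header comment such as `/* Overwrite each leading occurrence of match in str with replace, in place, stopping at the first other character; keeps a leading '-' from being parsed as an option by external scripts. */` and, unless some caller needs it, `ASSERT (replace != '\0');`. `str` is also dereferenced at `while (*str)` without a NULL check, which is fine only if every caller guarantees a non-NULL string. The one call site added in ssl.c passes `subject` right after `string_mod` has already used it, so it is presumably non-NULL there.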
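Review bot: In ssl.c, the added `msg (M_INFO, "X509: '%s'", subject); // JYFIXME` looks like leftover debugging: it writes the certificate subject to the log at M_INFO each time this path in verify_callback runs, and the marker suggests it was not meant to stay. I would drop the line, or lower it to a debug verbosity level if the output is wanted. Separately, `string_replace_leading (subject, '-', '_')` protects only the start of the whole subject string. If the common name extracted just below is also handed to scripts as an argument, it could begin with '-' on its own and would need the same call; that code is outside the hunk, so this needs confirming. verify_callback's body starts and ends outside the hunk.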