A few nitskmf_dn

author: Jason King <jason.king@joyent.com> 2018-02-28 18:20:43 -0600
committer: Jason King <jason.king@joyent.com> 2018-02-28 18:20:43 -0600
commit: bc95d0f5017569c4e7d9136b98164671b291a6f0 (patch)
tree: 839287a2c484ef7e9947c33e35f3fa819485c41a
parent: 899ac752bf6410d878633ef488148b2c3a02006e (diff)
download: illumos-joyent-kmf_dn.tar.gz
1 files changed, 9 insertions, 4 deletions
diff --git a/usr/src/lib/libkmf/libkmf/common/rdn_parser.c b/usr/src/lib/libkmf/libkmf/common/rdn_parser.c
index 230de0a9fc..fea4eec72c 100644
--- a/usr/src/lib/libkmf/libkmf/common/rdn_parser.c
+++ b/usr/src/lib/libkmf/libkmf/common/rdn_parser.c
@@ -590,8 +590,13 @@ value_to_string(KMF_DATA *data, custr_t *str)
 		 * pose a problem.
 		 */
 		if (c < ' ' || c >= 0x7f) {
-			/* Unlike C, the escaped hex form is just \{hex}{hex} */
-			if (custr_append_printf(str, "\\%02hhx", c) != 0)
+			/*
+			 * RFC4514 claims the hex form in a DN string is
+			 * \{hex}{hex}, however OpenSSL appears to use the
+			 * C style \x{hex}{hex}.  Given how near ubiquitous
+			 * OpenSSL is, we'll adopt their approach.
+			 */
+			if (custr_append_printf(str, "\\x%02hhx", c) != 0)
 				return (KMF_ERR_MEMORY);
 			continue;
 		}
@@ -601,12 +606,12 @@ value_to_string(KMF_DATA *data, custr_t *str)
 			/* Escape # if at the start of a value */
 			if (i != 0)
 				break;
-			/*FALLTHROUGH*/
+			/* FALLTHROUGH */
 		case ' ':
 			/* Escape ' ' if at the start or end of a value */
 			if (i != 0 && i + 1 != data->Length)
 				break;
-			/*FALLTHROUGH*/
+			/* FALLTHROUGH */
 		case '"':
 		case '+':
 		case ',':
author	Jason King <jason.king@joyent.com>	2018-02-28 18:20:43 -0600
committer	Jason King <jason.king@joyent.com>	2018-02-28 18:20:43 -0600
commit	bc95d0f5017569c4e7d9136b98164671b291a6f0 (patch)
tree	839287a2c484ef7e9947c33e35f3fa819485c41a
parent	899ac752bf6410d878633ef488148b2c3a02006e (diff)
download	illumos-joyent-kmf_dn.tar.gz