Why is string remapping necessary?
It’s an important security feature to prevent the malicious coding of strings from untrusted sources to be passed as parameters to scripts, saved in the environment, used as a common name, translated to a filename, etc. Here is a brief rundown of OpenVPN’s current string types and the permitted character class for each string: X509 Names: Alphanumeric, underbar (‘_’), dash (‘-‘), dot (‘.’), at (‘@’), colon (‘:’), slash (‘/’), and equal (‘=’). Alphanumeric is defined as a character which will cause the C library isalnum() function to return true. Common Names: Alphanumeric, underbar (‘_’), dash (‘-‘), dot (‘.’), and at (‘@’). –auth-user-pass username: Same as Common Name, with one exception: starting with OpenVPN 2.0.1, the username is passed to the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin in its raw form, without string remapping. –auth-user-pass password: Any “printable” character except CR or LF. Printable is defined to be a character which will cause the C library isprint() fun
