From 31c76e0d605b171c4a5e5bf737ac7ff697453452 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier
Date: Tue, 22 Aug 2023 11:02:14 +0200
Subject: [PATCH] Add: New cleanup-tls-certificate-encoding optimize option
The --optimize command line parameter now has the option
"cleanup-tls-certificate-encoding", which cleans up TLS certificates
where the subject or issuer DN is not valid UTF-8.
This can be used to fix old database where certificates with invalid
DNs were imported before escaping was added.
---
INSTALL.md | 5 ++++
doc/gvmd.8 | 2 +-
doc/gvmd.8.xml | 4 +--
doc/gvmd.html | 4 +--
src/gvmd.c | 3 +-
src/manage_sql.c | 16 +++++++++++
src/manage_sql_tls_certificates.c | 46 +++++++++++++++++++++++++++++++
src/manage_sql_tls_certificates.h | 3 ++
8 files changed, 77 insertions(+), 6 deletions(-)
diff --git a/INSTALL.md b/INSTALL.md
index 393491040..455a2a4cf 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -437,6 +437,11 @@ supported values for `` are:
This cleans up id sequences that are likely to run out due to regular feed
updates like the ids for config preferences.
+- `cleanup-tls-certificate-encoding`
+
+ This cleans up TLS certificates where the subject or issuer DN is not
+ valid UTF-8.
+
- `migrate-relay-sensors`
If relays are active, this can be used to make sure all sensor type
diff --git a/doc/gvmd.8 b/doc/gvmd.8
index a9c0794bc..7ee10b1b4 100644
--- a/doc/gvmd.8
+++ b/doc/gvmd.8
@@ -137,7 +137,7 @@ Modify user's password and exit.
Modify user's password and exit.
.TP
\fB--optimize=\fINAME\fB\f1
-Run an optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs, cleanup-feed-permissions, cleanup-port-names, cleanup-report-formats, cleanup-result-nvts, cleanup-result-severities, cleanup-schedule-times, cleanup-sequences, migrate-relay-sensors, rebuild-report-cache or update-report-cache.
+Run an optimization: vacuum, add-feed-permissions, analyze, cleanup-config-prefs, cleanup-feed-permissions, cleanup-port-names, cleanup-report-formats, cleanup-result-nvts, cleanup-result-severities, cleanup-schedule-times, cleanup-sequences, cleanup-tls-certificate-encoding, migrate-relay-sensors, rebuild-report-cache or update-report-cache.
.TP
\fB--osp-vt-update=\fISCANNER-SOCKET\fB\f1
Unix socket for OSP NVT update. Defaults to the path of the 'OpenVAS Default' scanner if it is an absolute path.
diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml
index ab873160d..fc27b39c9 100644
--- a/doc/gvmd.8.xml
+++ b/doc/gvmd.8.xml
@@ -324,8 +324,8 @@ along with this program. If not, see .
cleanup-config-prefs, cleanup-feed-permissions,
cleanup-port-names, cleanup-report-formats, cleanup-result-nvts,
cleanup-result-severities, cleanup-schedule-times, cleanup-sequences,
- migrate-relay-sensors, rebuild-report-cache
- or update-report-cache.
+ cleanup-tls-certificate-encoding, migrate-relay-sensors,
+ rebuild-report-cache or update-report-cache.