Escaped characters in SubjectAltName (maybe SubjectDN too? ) should be unescaped after validating the String and before generating the certificate.
Methods of special interest:
- DNFieldExtractor.setDN() (update: did not need changes itself, only the unit test needed an update)
- X509CA.getSubjectAltNameExtensionForCert() (update: appears to have been fixed already, to handle + at least)
Standards of interest:
A bit more human readable: http://docs.oracle.com/javase/jndi/tutorial/beyond/names/syntax.html
Make sure to test thoroughly as this has the potential to break a lot of special cases.