[SASL] Fail to generate SASL certificate from private key when user's email contain a '+'

[codeurimpulsif]

Describe the bug

When a user email address contain a + character (and maybe also other type of characters?), the creation of the user private key work, but not the creation of the certificate.

It fail with the error message:

Failed to generate cert: openssl req -x509 -new -newkey rsa:4096 -sha256 -nodes -days 3650 -out /data/[email protected]/irc-lithio/irc-lithio.cert -keyout /data/[email protected]/irc-lithio/irc-lithio.key -subj /C=NO/O=Convos/CN=contact+test/[email protected] FAIL 256 /  at /app/lib/Convos/Util.pm line 78.

To Reproduce

Steps to reproduce the behavior:

1. Create an invite link for a user with a + in email address
2. Login with this account
3. Just after login, see error message in Convos logs
4. SASL using certificate don't work

Expected behavior

SASL certificate creation should work for users with a + (or any other RFC 3696 (section 3) compliant characters) in email address.

Environment

• OS: Archlinux (using Docker)
• Browser: Firefox (136.0.2)
• Version: 8.07
• IRC server software: UnrealIRCd (6.1.9.1) with Atheme (7.2.11) and SASL enabled