Newline in certificate subject name results in premature line break in TLS log
An example is the site https://25livepub.collegenet.com/CollegeNET/, whose certificate has a newline embedded in the address field of the subject name. When I view the certificate in Safari, I see "805 SW Broadway%0D%0ASuite 1600" for the address. In the suricata TLS log, this newline is not escaped and results in the log line being split into two:
10.0.0.1:49396 -> 18.104.22.168:443 TLS: Subject='C=US, unknown=97205, ST=OR, L=Portland, unknown=805 SW Broadway#015 Suite 1600, O=CollegeNET, OU=IT, OU=Gandi Pro SSL, CN=25livepub.collegenet.com' Issuerdn='C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Pro SSL CA 2' SHA1='9f:50:03:e2:f4:62:45:4d:69:88:4d:76:21:5f:6f:bc:bf:58:f9:e0' VERSION='TLS 1.2'
Is there a good/natural place in the code where the newline can be escaped?