diff options
| author | Denis Baranov <[email protected]> | 2019-02-27 10:33:42 +0100 |
|---|---|---|
| committer | Denis Baranov <[email protected]> | 2019-03-19 17:22:19 +0100 |
| commit | 48d6243d8a45d711ce4a861a45e5992294fdbb80 (patch) | |
| tree | 0421dfbd5844715902fa032de7b3411360931aa2 | |
| parent | 7e21a18877374cfaef1fe839a5cd78599eb2d9d6 (diff) | |
| download | otp-48d6243d8a45d711ce4a861a45e5992294fdbb80.tar.gz otp-48d6243d8a45d711ce4a861a45e5992294fdbb80.tar.bz2 otp-48d6243d8a45d711ce4a861a45e5992294fdbb80.zip | |
allowed 3 letters country code to be valid
Some certificate issuers like Apple use USA instead of US as a country
name. This makes handshake with a server not possible as this considered
as not valid certificate. This commit eases that requirement to allow
both 2 and 3 letters country names.
| -rw-r--r-- | lib/public_key/asn1/OTP-PKIX.asn1 | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1 index 9bcd99fba3..ff3250b383 100644 --- a/lib/public_key/asn1/OTP-PKIX.asn1 +++ b/lib/public_key/asn1/OTP-PKIX.asn1 @@ -233,9 +233,13 @@ countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { -- regarding how to handle and sometimes accept incorrect certificates -- we define and use the type below instead of X520countryName + -- We accept utf8String encoding of the US-ASCII + -- country name code and the mix up with other country code systems + -- that uses three characters instead of two. + OTP-X520countryname ::= CHOICE { - printableString PrintableString (SIZE (2)), - utf8String UTF8String (SIZE (2)) + printableString PrintableString (SIZE (2..3)), + utf8String UTF8String (SIZE (2..3)) } serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { |