diff options
author | Andrew Bennett <andrew@pagodabox.com> | 2013-11-07 16:11:21 -0700 |
---|---|---|
committer | Andrew Bennett <andrew@pagodabox.com> | 2013-11-07 17:11:35 -0700 |
commit | ef6922881585771ecb9d934cf01f9f1f8ad62211 (patch) | |
tree | 744b967fc8456571ecc4f4b8424391da46f00832 /lib/public_key/asn1 | |
parent | 768a64354e3d69b3c0840a84dd072601c67ca39d (diff) | |
download | otp-ef6922881585771ecb9d934cf01f9f1f8ad62211.tar.gz otp-ef6922881585771ecb9d934cf01f9f1f8ad62211.tar.bz2 otp-ef6922881585771ecb9d934cf01f9f1f8ad62211.zip |
public_key: Workaround for incorrectly encoded utf8 emailAddress
Author: Daniel Barney <daniel@pagodabox.com>
Date: Thu Oct 25 14:33:11 2012 -0600
Most common browsers are lax in thier handling of how the
emailAddress field is encoded. RFC 3280 section 4.1.2.6
defines the encoding as IA5String, however browsers will
also handle certificates with the emailAddress field
encoded as UTF8String. This fix allows the emailAddress
to be decoded as both an IA5String and an UTF8String.
Reviewed by: Andrew Bennett <andrew@pagodabox.com>
Diffstat (limited to 'lib/public_key/asn1')
-rw-r--r-- | lib/public_key/asn1/OTP-PKIX.asn1 | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1 index 911a156d6c..8d3c76adf5 100644 --- a/lib/public_key/asn1/OTP-PKIX.asn1 +++ b/lib/public_key/asn1/OTP-PKIX.asn1 @@ -252,7 +252,17 @@ domainComponent ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { emailAddress ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { ID id-emailAddress - TYPE EmailAddress } + TYPE EmailAddress } -- this is currently not used when decoding + -- The decoding and mapping between ID and Type is done in the code + -- in module publickey_cert_records via the function attribute_type + -- To be more forgiving and compatible with other SSL implementations + -- regarding how to handle and sometimes accept incorrect certificates + -- we define and use the type below instead of emailAddress + + OTP-emailAddress ::= CHOICE { + ia5String IA5String (SIZE (1..255)), + utf8String UTF8String (SIZE (1..255)) +} -- -- Signature and Public Key Algorithms |