authorAndrew Bennett <andrew@pagodabox.com>2013-11-07 16:11:21 -0700
committerAndrew Bennett <andrew@pagodabox.com>2013-11-07 17:11:35 -0700
commitef6922881585771ecb9d934cf01f9f1f8ad62211 (patch)
tree744b967fc8456571ecc4f4b8424391da46f00832 /lib/public_key/asn1
parent768a64354e3d69b3c0840a84dd072601c67ca39d (diff)
public_key: Workaround for incorrectly encoded utf8 emailAddress
Author: Daniel Barney <daniel@pagodabox.com> Date: Thu Oct 25 14:33:11 2012 -0600 Most common browsers are lax in their handling of how the emailAddress field is encoded. RFC 3280 section 4.1.2.6 defines the encoding as IA5String, however browsers will also handle certificates with the emailAddress field encoded as UTF8String. This fix allows the emailAddress to be decoded as both an IA5String and a UTF8String. Reviewed by: Andrew Bennett <andrew@pagodabox.com>
Diffstat (limited to 'lib/public_key/asn1')
-rw-r--r--lib/public_key/asn1/OTP-PKIX.asn112
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1
index 911a156d6c..8d3c76adf5 100644
--- a/lib/public_key/asn1/OTP-PKIX.asn1
+++ b/lib/public_key/asn1/OTP-PKIX.asn1
@@ -252,7 +252,17 @@ domainComponent ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
emailAddress ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
ID id-emailAddress
- TYPE EmailAddress }
+ TYPE EmailAddress } -- this is currently not used when decoding
+ -- The decoding and mapping between ID and Type is done in the code
+ -- in module publickey_cert_records via the function attribute_type
+ -- To be more forgiving and compatible with other SSL implementations
+ -- regarding how to handle and sometimes accept incorrect certificates
+ -- we define and use the type below instead of emailAddress
+
+ OTP-emailAddress ::= CHOICE {
+ ia5String IA5String (SIZE (1..255)),
+ utf8String UTF8String (SIZE (1..255))
+}
--
-- Signature and Public Key Algorithms
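Review bot: The new `OTP-emailAddress` CHOICE sits in the shared spec, so it is available for encoding as well as decoding, yet the comment above it only explains the decoding leniency; a line such as `-- decode-only workaround: encoders must still emit IA5String (RFC 3280 section 4.1.2.6)` would keep it from being used to produce non-conforming certificates. The comment also names the module `publickey_cert_records`, which looks like it should be `pubkey_cert_records`; the Erlang side is outside this diff (limited to lib/public_key/asn1), so confirm the name before merging. Because the `utf8String` alternative admits non-ASCII characters, code that compares or displays the decoded emailAddress (identity matching, name constraints, logging) can no longer assume ASCII, and that is worth stating in the comment too.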