diff options
author | Ingela Anderton Andin <[email protected]> | 2012-08-23 16:51:00 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2012-08-24 12:33:32 +0200 |
commit | 69d4a56d9f7ade14fd0496ffbf56d96bf9184aef (patch) | |
tree | 4bbf93ee819059cac09be7d091d1bb765bb01428 /lib/public_key/asn1 | |
parent | ca5d326a52449380b25969b4f6e6979f94854f4f (diff) | |
download | otp-69d4a56d9f7ade14fd0496ffbf56d96bf9184aef.tar.gz otp-69d4a56d9f7ade14fd0496ffbf56d96bf9184aef.tar.bz2 otp-69d4a56d9f7ade14fd0496ffbf56d96bf9184aef.zip |
ssl & public_key: Workaround that some certificates encode countryname as utf8 and close down gracefully if other ASN-1 errors occur.
The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as:
Some other (unspecified) issue arose in processing the
certificate, rendering it unacceptable.
Diffstat (limited to 'lib/public_key/asn1')
-rw-r--r-- | lib/public_key/asn1/OTP-PKIX.asn1 | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1 index fbf531df40..e94a77a3e7 100644 --- a/lib/public_key/asn1/OTP-PKIX.asn1 +++ b/lib/public_key/asn1/OTP-PKIX.asn1 @@ -225,7 +225,17 @@ dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { ID id-at-countryName - TYPE X520countryName } + TYPE X520countryName } -- this is currently not used when decoding + -- The decoding and mapping between ID and Type is done in the code + -- in module publickey_cert_records via the function attribute_type + -- To be more forgiving and compatible with other SSL implementations + -- regarding how to handle and sometimes accept incorrect certificates + -- we define and use the type below instead of X520countryName + + OTP-X520countryname ::= CHOICE { + printableString PrintableString (SIZE (2)), + utf8String UTF8String (SIZE (2)) +} serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { ID id-at-serialNumber |