aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/asn1
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2012-08-23 16:51:00 +0200
committerIngela Anderton Andin <[email protected]>2012-08-24 12:33:32 +0200
commit69d4a56d9f7ade14fd0496ffbf56d96bf9184aef (patch)
tree4bbf93ee819059cac09be7d091d1bb765bb01428 /lib/public_key/asn1
parentca5d326a52449380b25969b4f6e6979f94854f4f (diff)
downloadotp-69d4a56d9f7ade14fd0496ffbf56d96bf9184aef.tar.gz
otp-69d4a56d9f7ade14fd0496ffbf56d96bf9184aef.tar.bz2
otp-69d4a56d9f7ade14fd0496ffbf56d96bf9184aef.zip
ssl & public_key: Workaround that some certificates encode countryname as utf8 and close down gracefully if other ASN-1 errors occur.
The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as: Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable.
Diffstat (limited to 'lib/public_key/asn1')
-rw-r--r--lib/public_key/asn1/OTP-PKIX.asn112
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1
index fbf531df40..e94a77a3e7 100644
--- a/lib/public_key/asn1/OTP-PKIX.asn1
+++ b/lib/public_key/asn1/OTP-PKIX.asn1
@@ -225,7 +225,17 @@ dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
ID id-at-countryName
- TYPE X520countryName }
+ TYPE X520countryName } -- this is currently not used when decoding
+ -- The decoding and mapping between ID and Type is done in the code
+ -- in module publickey_cert_records via the function attribute_type
+ -- To be more forgiving and compatible with other SSL implementations
+ -- regarding how to handle and sometimes accept incorrect certificates
+ -- we define and use the type below instead of X520countryName
+
+ OTP-X520countryname ::= CHOICE {
+ printableString PrintableString (SIZE (2)),
+ utf8String UTF8String (SIZE (2))
+}
serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
ID id-at-serialNumber