1 files changed, 41 insertions, 4 deletions
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1
index ad704191a9..e94a77a3e7 100644
--- a/lib/public_key/asn1/OTP-PKIX.asn1
+++ b/lib/public_key/asn1/OTP-PKIX.asn1
@@ -91,7 +91,7 @@ IMPORTS
        id-ce-certificateIssuer, CertificateIssuer,
        id-ce-holdInstructionCode, HoldInstructionCode,
        id-ce-invalidityDate, InvalidityDate
-
+       
        FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) 
        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) 
        id-pkix1-implicit(19) }
@@ -114,8 +114,20 @@ IMPORTS
 	id-ecPublicKey, EcpkParameters, ECPoint
 	FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
 	     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
-	     id-mod-pkix1-algorithms(17) };
-
+	     id-mod-pkix1-algorithms(17) }
+	     
+       md2WithRSAEncryption,
+       md5WithRSAEncryption,
+       sha1WithRSAEncryption,
+       sha256WithRSAEncryption,
+       sha384WithRSAEncryption,
+       sha512WithRSAEncryption	     
+    	     
+      FROM PKCS-1 {
+       iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
+        modules(0) pkcs-1(1)
+	};	   
+	     
 --
 -- Certificate
 --
@@ -213,7 +225,17 @@ dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
 
 countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
 	ID id-at-countryName
-	TYPE X520countryName }
+        TYPE X520countryName } -- this is currently not used when decoding
+ -- The decoding and mapping between ID and Type is done in the code
+ -- in module publickey_cert_records via the function attribute_type
+ -- To be more forgiving and compatible with other SSL implementations
+ -- regarding how to handle and sometimes accept incorrect certificates
+ -- we define and use the type below instead of X520countryName
+
+ OTP-X520countryname ::= CHOICE {
+       printableString   PrintableString (SIZE (2)),
+       utf8String        UTF8String      (SIZE (2))
+}
 
 serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= {
 	ID id-at-serialNumber
@@ -295,6 +317,9 @@ PublicKeyAlgorithm ::=  SEQUENCE  {
 SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { 
 		    dsa-with-sha1 | md2-with-rsa-encryption |
 		    md5-with-rsa-encryption | sha1-with-rsa-encryption |
+		    sha256-with-rsa-encryption |
+		    sha384-with-rsa-encryption |
+		    sha512-with-rsa-encryption |
 		    ecdsa-with-sha1 } 
 
 SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { 
@@ -340,6 +365,18 @@ SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= {
 			    ID sha1WithRSAEncryption 
 			    TYPE NULL }
 
+   sha256-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha256WithRSAEncryption 
+			    TYPE NULL }
+
+   sha384-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha384WithRSAEncryption 
+			    TYPE NULL }
+	    
+   sha512-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= {
+			    ID sha512WithRSAEncryption 
+			    TYPE NULL }
+
    -- Certificate.signature
    -- See PKCS #1 (RFC 2313). XXX