From 044f622ac3759001b0fa100e7dc5ab378caa4c72 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 17 Sep 2010 17:06:46 +0200
Subject: Handling of DSA key parameters

DSS-Params  may be null in a certificate as it can inherit the
parameters.

Also ignore CA-certs that do not follow ASN-1 spec in RFC 5280.
---
 lib/public_key/asn1/OTP-PKIX.asn1 | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'lib/public_key/asn1/OTP-PKIX.asn1')

diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1
index c0cf440496..ad704191a9 100644
--- a/lib/public_key/asn1/OTP-PKIX.asn1
+++ b/lib/public_key/asn1/OTP-PKIX.asn1
@@ -302,18 +302,25 @@ SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= {
 
    --   DSA Keys and Signatures
 
+
+      DSAParams  ::=  CHOICE
+       {
+        params     Dss-Parms,
+        null       NULL
+       }
+
    -- SubjectPublicKeyInfo:
 
    dsa PUBLIC-KEY-ALGORITHM-CLASS ::= {
        ID id-dsa
-       TYPE Dss-Parms -- XXX Must be OPTIONAL
+       TYPE DSAParams -- XXX Must be OPTIONAL
        PUBLIC-KEY-TYPE DSAPublicKey }
 
    -- Certificate.signatureAlgorithm
 
    dsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= {
-		 ID id-dsa-with-sha1 
-		 TYPE Dss-Parms } 
+		 ID id-dsa-with-sha1
+		 TYPE  DSAParams }
 
 				  --
    --   RSA Keys and Signatures
-- 
cgit v1.2.3