Commit 50289e2e authored by Gu1's avatar Gu1

Add support for subjectAltName's otherName entity

Lack of otherName support breaks HTTPS connections to some servers:
CACert, for example, automatically adds an id-on-xmppAddr[1] object for
each subjectAltName.

This results in the following exception:
PyAsn1Error: TagSet(Tag(tagClass=0, tagFormat=0, tagId=6),
Tag(tagClass=128, tagFormat=32, tagId=0)) not in asn1Spec: GeneralName()

Other CAs might do similar things...

[1]: RFC3920 (XMPP Core) section 5.1 & 5.1.1
parent 9eea189c
......@@ -99,12 +99,21 @@ class Extensions(univ.SequenceOf):
sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
class AnotherName(univ.Sequence):
componentType = namedtype.NamedTypes(
namedtype.NamedType('type-id', univ.ObjectIdentifier()),
namedtype.NamedType('value', univ.Any().subtype(
explicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 0)))
)
class GeneralName(univ.Choice):
'''ASN.1 configuration for X.509 certificate subjectAltNames fields'''
componentType = namedtype.NamedTypes(
# namedtype.NamedType('otherName', AnotherName().subtype(
# implicitTag=tag.Tag(tag.tagClassContext,
# tag.tagFormatSimple, 0))),
namedtype.NamedType('otherName', AnotherName().subtype(
implicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 0))),
namedtype.NamedType('rfc822Name', char.IA5String().subtype(
implicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 1))),
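Review bot: `AnotherName.value` is declared as `univ.Any()`, so an otherName entry now decodes without error but its payload stays an opaque, unvalidated blob supplied by the certificate issuer. The code that walks the decoded subjectAltName for host-name verification is not in this hunk, and `GeneralName` itself continues past it. That code should be confirmed to select components by name (presumably `dNSName` only) so an otherName value can never take part in host matching. `AnotherName` also lacks a docstring, unlike `GeneralName`; I would add `'''OtherName (RFC 5280 section 4.2.1.6); value is kept as undecoded ANY and must not be used for host matching'''`.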
......