Allow X.509 certificates with improperly encoded DNSName and EmailAddress

author: wbond <will@wbond.net> 2019-10-01 00:53:21 -0400
committer: wbond <will@wbond.net> 2019-10-01 00:53:21 -0400
commit: 4a0b9718208e1e4619ee90e2f99237bb007ac480 (patch)
tree: 6b4300e5768579ea25cdcb6ca1020c97352ef764 /asn1crypto
parent: 011ab06123a33e914262617d6a784c1d95d53f0f (diff)
download: asn1crypto-4a0b9718208e1e4619ee90e2f99237bb007ac480.tar.gz
2 files changed, 17 insertions, 12 deletions
diff --git a/asn1crypto/core.py b/asn1crypto/core.py
index 1f5eddd..933f8ca 100644
--- a/asn1crypto/core.py
+++ b/asn1crypto/core.py
@@ -5537,15 +5537,20 @@ def _build(class_, method, tag, header, contents, trailer, spec=None, spec_param
                     else:
                         value.method = method
                         value._indefinite = True
-                if tag != value.tag and tag != value._bad_tag:
-                    raise ValueError(unwrap(
-                        '''
-                        Error parsing %s - tag should have been %s, but %s was found
-                        ''',
-                        type_name(value),
-                        value.tag,
-                        tag
-                    ))
+                if tag != value.tag:
+                    if isinstance(value._bad_tag, tuple):
+                        is_bad_tag = tag in value._bad_tag
+                    else:
+                        is_bad_tag = tag == value._bad_tag
+                    if not is_bad_tag:
+                        raise ValueError(unwrap(
+                            '''
+                            Error parsing %s - tag should have been %s, but %s was found
+                            ''',
+                            type_name(value),
+                            value.tag,
+                            tag
+                        ))
 
     # For explicitly tagged, un-speced parsings, we use a generic container
     # since we will be parsing the contents and discarding the outer object
diff --git a/asn1crypto/x509.py b/asn1crypto/x509.py
index 9e4550e..8341bb2 100644
--- a/asn1crypto/x509.py
+++ b/asn1crypto/x509.py
@@ -71,7 +71,7 @@ from .util import int_to_bytes, int_from_bytes, inet_ntop, inet_pton
 class DNSName(IA5String):
 
     _encoding = 'idna'
-    _bad_tag = 19
+    _bad_tag = (12, 19)
 
     def __ne__(self, other):
         return not self == other
@@ -185,8 +185,8 @@ class EmailAddress(IA5String):
     # If the value has gone through the .set() method, thus normalizing it
     _normalized = False
 
-    # In the wild we've seen this encoded as a PrintableString
-    _bad_tag = 19
+    # In the wild we've seen this encoded as a UTF8String and PrintableString
+    _bad_tag = (12, 19)
 
     @property
     def contents(self):
author	wbond <will@wbond.net>	2019-10-01 00:53:21 -0400
committer	wbond <will@wbond.net>	2019-10-01 00:53:21 -0400
commit	4a0b9718208e1e4619ee90e2f99237bb007ac480 (patch)
tree	6b4300e5768579ea25cdcb6ca1020c97352ef764 /asn1crypto
parent	011ab06123a33e914262617d6a784c1d95d53f0f (diff)
download	asn1crypto-4a0b9718208e1e4619ee90e2f99237bb007ac480.tar.gz