authorJeff Vander Stoep <jeffv@google.com>2022-12-19 12:12:40 +0100
committerJeff Vander Stoep <jeffv@google.com>2022-12-19 12:13:15 +0100
commit9519b01c4c978249a3f24be16410d7df7a84c46e (patch)
treee04e192418bc84ca7c26f08558e078b93682c021
parent4d17139f564d45e5ea890c0b954853ff965c12bb (diff)
Upgrade x509-cert to 0.1.1main-16k-with-phones
This project was upgraded with external_updater. Usage: tools/external_updater/updater.sh update rust/crates/x509-cert For more info, check https://cs.android.com/android/platform/superproject/+/master:tools/external_updater/README.md Test: TreeHugger Change-Id: Id3576d9ba5d3ab19bc46734b16fd75b218dab05f
-rw-r--r--.cargo_vcs_info.json2
-rw-r--r--Android.bp4
-rw-r--r--CHANGELOG.md16
-rw-r--r--Cargo.toml7
-rw-r--r--Cargo.toml.orig10
-rw-r--r--LICENSE-MIT25
-rw-r--r--METADATA13
-rw-r--r--src/attr.rs10
-rw-r--r--src/certificate.rs22
-rw-r--r--src/crl.rs12
-rw-r--r--src/ext.rs4
-rw-r--r--src/ext/pkix/access.rs4
-rw-r--r--src/ext/pkix/certpolicy.rs6
-rw-r--r--src/ext/pkix/crl/dp.rs4
-rw-r--r--src/ext/pkix/name/dirstr.rs9
-rw-r--r--src/ext/pkix/name/dp.rs4
-rw-r--r--src/ext/pkix/name/ediparty.rs4
-rw-r--r--src/ext/pkix/name/general.rs4
-rw-r--r--src/ext/pkix/name/other.rs4
-rw-r--r--src/ext/pkix/policymap.rs4
-rw-r--r--src/lib.rs5
-rw-r--r--src/macros.rs7
-rw-r--r--src/time.rs6
-rw-r--r--tests/certificate.rs2
-rw-r--r--tests/name.rs20
-rw-r--r--tests/pkix_extensions.rs35
-rw-r--r--tests/validity.rs2
27 files changed, 174 insertions, 71 deletions
diff --git a/.cargo_vcs_info.json b/.cargo_vcs_info.json
index 10ff1a0..271baca 100644
--- a/.cargo_vcs_info.json
+++ b/.cargo_vcs_info.json
@@ -1,6 +1,6 @@
{
"git": {
- "sha1": "e89ac245b40bb044b9d9babdae6ea4ffadb59af2"
+ "sha1": "5747b144d21463fe471a2aaa34a5a1bd67b611f2"
},
"path_in_vcs": "x509-cert"
} \ No newline at end of file
diff --git a/Android.bp b/Android.bp
index c8792df..9e3d89c 100644
--- a/Android.bp
+++ b/Android.bp
@@ -1,8 +1,6 @@
// This file is generated by cargo2android.py --config cargo2android.json.
// Do not modify this file as changes will be overridden on upgrade.
-
-
package {
default_applicable_licenses: ["external_rust_crates_x509-cert_license"],
}
@@ -37,7 +35,7 @@ rust_library_host {
name: "libx509_cert",
crate_name: "x509_cert",
cargo_env_compat: true,
- cargo_pkg_version: "0.1.0",
+ cargo_pkg_version: "0.1.1",
srcs: ["src/lib.rs"],
edition: "2021",
features: ["alloc"],
diff --git a/CHANGELOG.md b/CHANGELOG.md
index db80bf4..83406c9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,5 +4,21 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 0.1.1 (2022-12-10)
+### Added
+- Support `TeletexString` in `DirectoryString` ([#692])
+- Re-export `spki` ([#701])
+- `PemLabel` impl for `Certificate` ([#763])
+- `ValueOrd` impl for `Version` and other derived types ([#723])
+
+### Fixed
+- `countryName` should always be `PrintableString` ([#760])
+
+[#692]: https://github.com/RustCrypto/formats/pull/692
+[#701]: https://github.com/RustCrypto/formats/pull/701
+[#723]: https://github.com/RustCrypto/formats/pull/723
+[#760]: https://github.com/RustCrypto/formats/pull/760
+[#763]: https://github.com/RustCrypto/formats/pull/763
+
## 0.1.0 (2022-07-23)
- Initial release
diff --git a/Cargo.toml b/Cargo.toml
index d563ecd..43ad5a1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,7 +13,7 @@
edition = "2021"
rust-version = "1.56"
name = "x509-cert"
-version = "0.1.0"
+version = "0.1.1"
authors = ["RustCrypto Developers"]
description = """
Pure Rust implementation of the X.509 Public Key Infrastructure Certificate
@@ -28,8 +28,7 @@ categories = [
"no-std",
]
license = "Apache-2.0 OR MIT"
-repository = "https://github.com/RustCrypto/formats/tree/master/x509"
-resolver = "2"
+repository = "https://github.com/RustCrypto/formats/tree/master/x509-cert"
[package.metadata.docs.rs]
all-features = true
@@ -60,7 +59,7 @@ version = "0.6"
version = "0.3"
[dev-dependencies.rstest]
-version = "0.12.0"
+version = "0.12"
[features]
alloc = ["der/alloc"]
diff --git a/Cargo.toml.orig b/Cargo.toml.orig
index c2b650f..723504f 100644
--- a/Cargo.toml.orig
+++ b/Cargo.toml.orig
@@ -1,13 +1,13 @@
[package]
name = "x509-cert"
-version = "0.1.0" # Also update html_root_url in lib.rs when bumping this
+version = "0.1.1"
description = """
Pure Rust implementation of the X.509 Public Key Infrastructure Certificate
format as described in RFC 5280
"""
authors = ["RustCrypto Developers"]
license = "Apache-2.0 OR MIT"
-repository = "https://github.com/RustCrypto/formats/tree/master/x509"
+repository = "https://github.com/RustCrypto/formats/tree/master/x509-cert"
categories = ["cryptography", "data-structures", "encoding", "no-std"]
keywords = ["crypto"]
readme = "README.md"
@@ -22,7 +22,11 @@ spki = { version = "0.6", path = "../spki" }
[dev-dependencies]
hex-literal = "0.3"
-rstest = "0.12.0"
+
+# NOTE: upgrading requires MSRV bumps
+# - rstest v0.13 requires 1.59 (for `async-global-executor`)
+# - rstest v0.14 requires a workspace-wide 1.60 MSRV (for namespaced features)
+rstest = "0.12"
[features]
alloc = ["der/alloc"]
diff --git a/LICENSE-MIT b/LICENSE-MIT
new file mode 100644
index 0000000..c869ada
--- /dev/null
+++ b/LICENSE-MIT
@@ -0,0 +1,25 @@
+Copyright (c) 2021 The RustCrypto Project Developers
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/METADATA b/METADATA
index 5bf432c..c38c1c0 100644
--- a/METADATA
+++ b/METADATA
@@ -1,3 +1,7 @@
+# This project was upgraded with external_updater.
+# Usage: tools/external_updater/updater.sh update rust/crates/x509-cert
+# For more info, check https://cs.android.com/android/platform/superproject/+/master:tools/external_updater/README.md
+
name: "x509-cert"
description: "Pure Rust implementation of the X.509 Public Key Infrastructure Certificate format as described in RFC 5280."
third_party {
@@ -7,14 +11,13 @@ third_party {
}
url {
type: ARCHIVE
- value: "https://static.crates.io/crates/x509-cert/x509-cert-0.1.0.crate"
+ value: "https://static.crates.io/crates/x509-cert/x509-cert-0.1.1.crate"
}
- version: "0.1.0"
- # Dual-licensed, using the least restrictive per go/thirdpartylicenses#same.
+ version: "0.1.1"
license_type: NOTICE
last_upgrade_date {
year: 2022
- month: 9
- day: 6
+ month: 12
+ day: 19
}
}
diff --git a/src/attr.rs b/src/attr.rs
index 9a0d2d2..2b4336a 100644
--- a/src/attr.rs
+++ b/src/attr.rs
@@ -1,6 +1,7 @@
//! Attribute-related definitions as defined in X.501 (and updated by RFC 5280).
use alloc::vec::Vec;
+use const_oid::db::rfc4519::{COUNTRY_NAME, DOMAIN_COMPONENT};
use core::fmt::{self, Write};
use const_oid::db::DB;
@@ -181,8 +182,14 @@ impl AttributeTypeAndValue<'_> {
parser.add(c)?;
}
+ let tag = match oid {
+ COUNTRY_NAME => Tag::PrintableString,
+ DOMAIN_COMPONENT => Tag::Ia5String,
+ _ => Tag::Utf8String,
+ };
+
// Serialize.
- let value = AnyRef::new(Tag::Utf8String, parser.as_bytes())?;
+ let value = AnyRef::new(tag, parser.as_bytes())?;
let atv = AttributeTypeAndValue { oid, value };
atv.to_vec()
}
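Review bot: The new `match oid` picks `Tag::PrintableString` or `Tag::Ia5String` from the OID alone, but the bytes in `parser.as_bytes()` are never checked against that string type's alphabet; as far as I can tell `AnyRef::new` only wraps the bytes and checks their length. A countryName or domainComponent value containing characters outside the restricted set would therefore be emitted under a tag it does not satisfy, which strict decoders reject and lenient ones may interpret differently. Validating before tagging closes this, e.g. `COUNTRY_NAME => { PrintableStringRef::new(parser.as_bytes())?; Tag::PrintableString }` and the same with `Ia5StringRef` for `DOMAIN_COMPONENT` (both from `der::asn1`). The enclosing function starts outside this hunk, so any earlier validation of the parsed value is not visible here.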
@@ -220,6 +227,7 @@ impl fmt::Display for AttributeTypeAndValue<'_> {
Tag::PrintableString => self.value.printable_string().ok().map(|s| s.as_str()),
Tag::Utf8String => self.value.utf8_string().ok().map(|s| s.as_str()),
Tag::Ia5String => self.value.ia5_string().ok().map(|s| s.as_str()),
+ Tag::TeletexString => self.value.teletex_string().ok().map(|s| s.as_str()),
_ => None,
};
diff --git a/src/certificate.rs b/src/certificate.rs
index cca7f83..cf71948 100644
--- a/src/certificate.rs
+++ b/src/certificate.rs
@@ -3,12 +3,16 @@
use crate::{name::Name, time::Validity};
use alloc::vec::Vec;
+use core::cmp::Ordering;
use const_oid::AssociatedOid;
use der::asn1::{BitStringRef, UIntRef};
-use der::{Decode, Enumerated, Error, ErrorKind, Sequence};
+use der::{Decode, Enumerated, Error, ErrorKind, Sequence, ValueOrd};
use spki::{AlgorithmIdentifier, SubjectPublicKeyInfo};
+#[cfg(feature = "pem")]
+use der::pem::PemLabel;
+
/// Certificate `Version` as defined in [RFC 5280 Section 4.1].
///
/// ```text
@@ -30,6 +34,12 @@ pub enum Version {
V3 = 2,
}
+impl ValueOrd for Version {
+ fn value_cmp(&self, other: &Self) -> der::Result<Ordering> {
+ (&(*self as u8)).value_cmp(&(*other as u8))
+ }
+}
+
impl Default for Version {
fn default() -> Self {
Self::V1
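Review bot: The added `impl ValueOrd for Version` has no comment explaining why comparing the `as u8` discriminants is a valid DER value ordering. That holds only while every variant fits in one octet and the discriminant equals the encoded integer, which the visible `V3 = 2` suggests but the hunk does not state. I would add a line above `value_cmp` such as `// Discriminants are the encoded INTEGER values (0..=2), so comparing them as u8 matches DER value order.` so that a later variant or a changed representation prompts a second look.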
@@ -61,7 +71,7 @@ impl Default for Version {
/// ```
///
/// [RFC 5280 Section 4.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct TbsCertificate<'a> {
/// The certificate version
@@ -135,7 +145,7 @@ impl<'a> TbsCertificate<'a> {
/// ```
///
/// [RFC 5280 Section 4.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct Certificate<'a> {
pub tbs_certificate: TbsCertificate<'a>,
@@ -143,6 +153,12 @@ pub struct Certificate<'a> {
pub signature: BitStringRef<'a>,
}
+#[cfg(feature = "pem")]
+#[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
+impl PemLabel for Certificate<'_> {
+ const PEM_LABEL: &'static str = "CERTIFICATE";
+}
+
/// `PkiPath` as defined by X.509 and referenced by [RFC 6066].
///
/// This contains a series of certificates in validation order from the
diff --git a/src/crl.rs b/src/crl.rs
index 3e63043..09256f2 100644
--- a/src/crl.rs
+++ b/src/crl.rs
@@ -8,12 +8,12 @@ use crate::Version;
use alloc::vec::Vec;
use der::asn1::{BitStringRef, UIntRef};
-use der::Sequence;
+use der::{Sequence, ValueOrd};
use spki::AlgorithmIdentifier;
/// `CertificateList` as defined in [RFC 5280 Section 5.1].
///
-///```text
+/// ```text
/// CertificateList ::= SEQUENCE {
/// tbsCertList TBSCertList,
/// signatureAlgorithm AlgorithmIdentifier,
@@ -22,7 +22,7 @@ use spki::AlgorithmIdentifier;
/// ```
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct CertificateList<'a> {
pub tbs_cert_list: TbsCertList<'a>,
@@ -35,7 +35,7 @@ pub struct CertificateList<'a> {
/// This type is used for the `revoked_certificates` field of `TbsCertList`.
/// See [RFC 5280 Section 5.1].
///
-///```text
+/// ```text
/// RevokedCert ::= SEQUENCE {
/// userCertificate CertificateSerialNumber,
/// revocationDate Time,
@@ -44,7 +44,7 @@ pub struct CertificateList<'a> {
/// ```
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct RevokedCert<'a> {
pub serial_number: UIntRef<'a>,
@@ -71,7 +71,7 @@ pub struct RevokedCert<'a> {
/// ```
///
/// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct TbsCertList<'a> {
pub version: Version,
diff --git a/src/ext.rs b/src/ext.rs
index d717a7c..eb6f6fb 100644
--- a/src/ext.rs
+++ b/src/ext.rs
@@ -1,6 +1,6 @@
//! Standardized X.509 Certificate Extensions
-use der::Sequence;
+use der::{Sequence, ValueOrd};
use spki::ObjectIdentifier;
pub mod pkix;
@@ -22,7 +22,7 @@ pub mod pkix;
/// ```
///
/// [RFC 5280 Section 4.1.2.9]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.9
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct Extension<'a> {
pub extn_id: ObjectIdentifier,
diff --git a/src/ext/pkix/access.rs b/src/ext/pkix/access.rs
index 5b74b6f..0390235 100644
--- a/src/ext/pkix/access.rs
+++ b/src/ext/pkix/access.rs
@@ -6,7 +6,7 @@ use const_oid::{
db::rfc5280::{ID_PE_AUTHORITY_INFO_ACCESS, ID_PE_SUBJECT_INFO_ACCESS},
AssociatedOid,
};
-use der::{asn1::ObjectIdentifier, Sequence};
+use der::{asn1::ObjectIdentifier, Sequence, ValueOrd};
/// AuthorityInfoAccessSyntax as defined in [RFC 5280 Section 4.2.2.1].
///
@@ -50,7 +50,7 @@ impl_newtype!(SubjectInfoAccessSyntax<'a>, Vec<AccessDescription<'a>>);
/// ```
///
/// [RFC 5280 Section 4.2.2.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.1
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct AccessDescription<'a> {
pub access_method: ObjectIdentifier,
diff --git a/src/ext/pkix/certpolicy.rs b/src/ext/pkix/certpolicy.rs
index 3821427..bb2211f 100644
--- a/src/ext/pkix/certpolicy.rs
+++ b/src/ext/pkix/certpolicy.rs
@@ -5,7 +5,7 @@ use alloc::vec::Vec;
use const_oid::db::rfc5912::ID_CE_CERTIFICATE_POLICIES;
use const_oid::AssociatedOid;
use der::asn1::{GeneralizedTime, Ia5StringRef, ObjectIdentifier, UIntRef, Utf8StringRef};
-use der::{AnyRef, Choice, Sequence};
+use der::{AnyRef, Choice, Sequence, ValueOrd};
/// CertificatePolicies as defined in [RFC 5280 Section 4.2.1.4].
///
@@ -35,7 +35,7 @@ impl_newtype!(CertificatePolicies<'a>, Vec<PolicyInformation<'a>>);
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct PolicyInformation<'a> {
pub policy_identifier: ObjectIdentifier,
@@ -52,7 +52,7 @@ pub struct PolicyInformation<'a> {
/// ```
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct PolicyQualifierInfo<'a> {
pub policy_qualifier_id: ObjectIdentifier,
diff --git a/src/ext/pkix/crl/dp.rs b/src/ext/pkix/crl/dp.rs
index 7aa8a2d..f7d1ab7 100644
--- a/src/ext/pkix/crl/dp.rs
+++ b/src/ext/pkix/crl/dp.rs
@@ -1,7 +1,7 @@
//! PKIX distribution point types
use const_oid::{db::rfc5280::ID_PE_SUBJECT_INFO_ACCESS, AssociatedOid, ObjectIdentifier};
-use der::Sequence;
+use der::{Sequence, ValueOrd};
use flagset::{flags, FlagSet};
use crate::ext::pkix::name::{DistributionPointName, GeneralNames};
@@ -74,7 +74,7 @@ impl<'a> AssociatedOid for IssuingDistributionPoint<'a> {
/// ```
///
/// [RFC 5280 Section 4.2.1.13]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.13
-#[derive(Clone, Debug, PartialEq, Eq, Sequence)]
+#[derive(Clone, Debug, PartialEq, Eq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct DistributionPoint<'a> {
#[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")]
diff --git a/src/ext/pkix/name/dirstr.rs b/src/ext/pkix/name/dirstr.rs
index e2af698..2aaa732 100644
--- a/src/ext/pkix/name/dirstr.rs
+++ b/src/ext/pkix/name/dirstr.rs
@@ -1,5 +1,5 @@
-use der::asn1::{PrintableStringRef, Utf8StringRef};
-use der::Choice;
+use der::asn1::{PrintableStringRef, TeletexStringRef, Utf8StringRef};
+use der::{Choice, ValueOrd};
/// DirectoryString as defined in [RFC 5280 Section 4.2.1.4].
///
@@ -38,12 +38,15 @@ use der::Choice;
/// the need arises, we only support `PrintableString` and `UTF8String`.
///
/// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
-#[derive(Clone, Debug, Eq, PartialEq, Choice)]
+#[derive(Clone, Debug, Eq, PartialEq, Choice, ValueOrd)]
#[allow(missing_docs)]
pub enum DirectoryString<'a> {
#[asn1(type = "PrintableString")]
PrintableString(PrintableStringRef<'a>),
+ #[asn1(type = "TeletexString")]
+ TeletexString(TeletexStringRef<'a>),
+
#[asn1(type = "UTF8String")]
Utf8String(Utf8StringRef<'a>),
}
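Review bot: The doc comment kept as context just above the derive still says only `PrintableString` and `UTF8String` are supported, which is no longer true once the `TeletexString` variant is added; that sentence should list all three. Separately, `DirectoryString` shows no `#[non_exhaustive]` in this hunk, so a new public variant in a patch release will break downstream code that matches the enum exhaustively; callers vendoring this upgrade should check their `match` arms. It would also help to document on the variant which T.61 subset the decoder actually accepts, since consumers that compare or display names need to know how non-ASCII TeletexString content is handled.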
diff --git a/src/ext/pkix/name/dp.rs b/src/ext/pkix/name/dp.rs
index 3cfdf96..e895f88 100644
--- a/src/ext/pkix/name/dp.rs
+++ b/src/ext/pkix/name/dp.rs
@@ -1,7 +1,7 @@
use super::GeneralNames;
use crate::name::RelativeDistinguishedName;
-use der::Choice;
+use der::{Choice, ValueOrd};
/// DistributionPointName as defined in [RFC 5280 Section 4.2.1.13].
///
@@ -13,7 +13,7 @@ use der::Choice;
/// ```
///
/// [RFC 5280 Section 4.2.1.13]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.13
-#[derive(Clone, Debug, Eq, PartialEq, Choice)]
+#[derive(Clone, Debug, Eq, PartialEq, Choice, ValueOrd)]
#[allow(missing_docs)]
pub enum DistributionPointName<'a> {
#[asn1(context_specific = "0", tag_mode = "IMPLICIT", constructed = "true")]
diff --git a/src/ext/pkix/name/ediparty.rs b/src/ext/pkix/name/ediparty.rs
index 06ee320..94af09b 100644
--- a/src/ext/pkix/name/ediparty.rs
+++ b/src/ext/pkix/name/ediparty.rs
@@ -1,4 +1,4 @@
-use der::Sequence;
+use der::{Sequence, ValueOrd};
use super::DirectoryString;
@@ -25,7 +25,7 @@ use super::DirectoryString;
///
/// [this OpenSSL bug]: https://github.com/openssl/openssl/issues/6859
/// [RFC 5280 Section 4.2.1.6]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct EdiPartyName<'a> {
#[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")]
diff --git a/src/ext/pkix/name/general.rs b/src/ext/pkix/name/general.rs
index 0daa368..f6861d4 100644
--- a/src/ext/pkix/name/general.rs
+++ b/src/ext/pkix/name/general.rs
@@ -4,7 +4,7 @@ use super::{EdiPartyName, OtherName};
use crate::name::Name;
use der::asn1::{Ia5StringRef, ObjectIdentifier, OctetStringRef};
-use der::Choice;
+use der::{Choice, ValueOrd};
/// GeneralNames as defined in [RFC 5280 Section 4.2.1.6].
///
@@ -34,7 +34,7 @@ pub type GeneralNames<'a> = alloc::vec::Vec<GeneralName<'a>>;
/// This implementation does not currently support the `x400Address` choice.
///
/// [RFC 5280 Section 4.2.1.6]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6
-#[derive(Clone, Debug, Eq, PartialEq, Choice)]
+#[derive(Clone, Debug, Eq, PartialEq, Choice, ValueOrd)]
#[allow(missing_docs)]
pub enum GeneralName<'a> {
#[asn1(context_specific = "0", tag_mode = "IMPLICIT", constructed = "true")]
diff --git a/src/ext/pkix/name/other.rs b/src/ext/pkix/name/other.rs
index 4a250bb..a33601c 100644
--- a/src/ext/pkix/name/other.rs
+++ b/src/ext/pkix/name/other.rs
@@ -1,4 +1,4 @@
-use der::{asn1::ObjectIdentifier, AnyRef, Sequence};
+use der::{asn1::ObjectIdentifier, AnyRef, Sequence, ValueOrd};
/// OtherName as defined in [RFC 5280 Section 4.2.1.6].
///
@@ -10,7 +10,7 @@ use der::{asn1::ObjectIdentifier, AnyRef, Sequence};
/// ```
///
/// [RFC 5280 Section 4.2.1.6]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct OtherName<'a> {
pub type_id: ObjectIdentifier,
diff --git a/src/ext/pkix/policymap.rs b/src/ext/pkix/policymap.rs
index 35b1d49..e6b55ba 100644
--- a/src/ext/pkix/policymap.rs
+++ b/src/ext/pkix/policymap.rs
@@ -3,7 +3,7 @@ use alloc::vec::Vec;
use const_oid::db::rfc5280::ID_CE_POLICY_MAPPINGS;
use const_oid::AssociatedOid;
use der::asn1::ObjectIdentifier;
-use der::Sequence;
+use der::{Sequence, ValueOrd};
/// PolicyMappings as defined in [RFC 5280 Section 4.2.1.5].
///
@@ -31,7 +31,7 @@ impl_newtype!(PolicyMappings, Vec<PolicyMapping>);
/// ```
///
/// [RFC 5280 Section 4.2.1.5]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.5
-#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
#[allow(missing_docs)]
pub struct PolicyMapping {
pub issuer_domain_policy: ObjectIdentifier,
diff --git a/src/lib.rs b/src/lib.rs
index 651bdc7..1221c3c 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -2,8 +2,8 @@
#![cfg_attr(docsrs, feature(doc_cfg))]
#![doc = include_str!("../README.md")]
#![doc(
- html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
- html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg"
+ html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
+ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
)]
#![forbid(unsafe_code)]
#![warn(
@@ -36,3 +36,4 @@ pub mod time;
pub use certificate::{Certificate, PkiPath, TbsCertificate, Version};
pub use der;
+pub use spki;
diff --git a/src/macros.rs b/src/macros.rs
index 3256c24..638d516 100644
--- a/src/macros.rs
+++ b/src/macros.rs
@@ -69,5 +69,12 @@ macro_rules! impl_newtype {
self.0.value_len()
}
}
+
+ #[allow(unused_lifetimes)]
+ impl<'a> ::der::ValueOrd for $newtype {
+ fn value_cmp(&self, other: &Self) -> ::der::Result<::core::cmp::Ordering> {
+ self.0.value_cmp(&other.0)
+ }
+ }
};
}
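Review bot: The `#[allow(unused_lifetimes)]` on the new `ValueOrd` impl is unexplained. It looks necessary because `impl_newtype!` is invoked both with lifetime-carrying types and with plain ones (for example `PolicyMappings` in policymap.rs), so `'a` is unused in some expansions. A one-line comment above the attribute would record that, e.g. `// 'a is unused when $newtype has no lifetime parameter (e.g. PolicyMappings).` The macro body starts outside this hunk.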
diff --git a/src/time.rs b/src/time.rs
index e938c13..d1f2ec5 100644
--- a/src/time.rs
+++ b/src/time.rs
@@ -3,7 +3,7 @@
use core::fmt;
use core::time::Duration;
use der::asn1::{GeneralizedTime, UtcTime};
-use der::{Choice, DateTime, Decode, Error, Result, Sequence};
+use der::{Choice, DateTime, Decode, Error, Result, Sequence, ValueOrd};
#[cfg(feature = "std")]
use std::time::SystemTime;
@@ -21,7 +21,7 @@ use std::time::SystemTime;
///
/// [RFC 5280 Section 4.1.2.5]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
/// [RFC 5280 Appendix A]: https://tools.ietf.org/html/rfc5280#page-117
-#[derive(Choice, Copy, Clone, Debug, Eq, PartialEq)]
+#[derive(Choice, Copy, Clone, Debug, Eq, PartialEq, ValueOrd)]
pub enum Time {
/// Legacy UTC time (has 2-digit year, valid only through 2050).
#[asn1(type = "UTCTime")]
@@ -113,7 +113,7 @@ impl TryFrom<SystemTime> for Time {
/// }
/// ```
/// [RFC 5280 Section 4.1.2.5]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
-#[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence)]
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)]
pub struct Validity {
/// notBefore value
pub not_before: Time,
diff --git a/tests/certificate.rs b/tests/certificate.rs
index e952ca3..86215e3 100644
--- a/tests/certificate.rs
+++ b/tests/certificate.rs
@@ -127,7 +127,7 @@ fn reencode_cert() {
let parsed_coverage_tbs =
DeferDecodeTbsCertificate::from_der(defer_cert.tbs_certificate).unwrap();
- // TODO - defer decode then reencode version field
+ // TODO - defer decode then re-encode version field
let encoded_serial = parsed_tbs.serial_number.to_vec().unwrap();
assert_eq!(parsed_coverage_tbs.serial_number, encoded_serial);
diff --git a/tests/name.rs b/tests/name.rs
index 6a4a5fa..e52b2c7 100644
--- a/tests/name.rs
+++ b/tests/name.rs
@@ -1,7 +1,7 @@
//! Name tests
use const_oid::ObjectIdentifier;
-use der::asn1::{OctetStringRef, SetOfVec, Utf8StringRef};
+use der::asn1::{Ia5StringRef, OctetStringRef, PrintableStringRef, SetOfVec, Utf8StringRef};
use der::{AnyRef, Decode, Encode, Tag, Tagged};
use hex_literal::hex;
use x509_cert::attr::AttributeTypeAndValue;
@@ -207,7 +207,7 @@ fn rdns_serde() {
&[
AttributeTypeAndValue {
oid: const_oid::db::rfc4519::C,
- value: AnyRef::from(Utf8StringRef::new("baz").unwrap()),
+ value: AnyRef::from(PrintableStringRef::new("baz").unwrap()),
},
AttributeTypeAndValue {
oid: const_oid::db::rfc4519::L,
@@ -226,11 +226,11 @@ fn rdns_serde() {
}],
&[AttributeTypeAndValue {
oid: const_oid::db::rfc4519::DC,
- value: AnyRef::from(Utf8StringRef::new("example").unwrap()),
+ value: AnyRef::from(Ia5StringRef::new("example").unwrap()),
}],
&[AttributeTypeAndValue {
oid: const_oid::db::rfc4519::DC,
- value: AnyRef::from(Utf8StringRef::new("net").unwrap()),
+ value: AnyRef::from(Ia5StringRef::new("net").unwrap()),
}],
],
),
@@ -250,11 +250,11 @@ fn rdns_serde() {
],
&[AttributeTypeAndValue {
oid: const_oid::db::rfc4519::DC,
- value: AnyRef::from(Utf8StringRef::new("example").unwrap()),
+ value: AnyRef::from(Ia5StringRef::new("example").unwrap()),
}],
&[AttributeTypeAndValue {
oid: const_oid::db::rfc4519::DC,
- value: AnyRef::from(Utf8StringRef::new("net").unwrap()),
+ value: AnyRef::from(Ia5StringRef::new("net").unwrap()),
}],
],
),
@@ -268,11 +268,11 @@ fn rdns_serde() {
}],
&[AttributeTypeAndValue {
oid: const_oid::db::rfc4519::DC,
- value: AnyRef::from(Utf8StringRef::new("example").unwrap()),
+ value: AnyRef::from(Ia5StringRef::new("example").unwrap()),
}],
&[AttributeTypeAndValue {
oid: const_oid::db::rfc4519::DC,
- value: AnyRef::from(Utf8StringRef::new("net").unwrap()),
+ value: AnyRef::from(Ia5StringRef::new("net").unwrap()),
}],
],
),
@@ -286,11 +286,11 @@ fn rdns_serde() {
}],
&[AttributeTypeAndValue {
oid: const_oid::db::rfc4519::DC,
- value: AnyRef::from(Utf8StringRef::new("example").unwrap()),
+ value: AnyRef::from(Ia5StringRef::new("example").unwrap()),
}],
&[AttributeTypeAndValue {
oid: const_oid::db::rfc4519::DC,
- value: AnyRef::from(Utf8StringRef::new("net").unwrap()),
+ value: AnyRef::from(Ia5StringRef::new("net").unwrap()),
}],
],
),
diff --git a/tests/pkix_extensions.rs b/tests/pkix_extensions.rs
index d6af0b9..c08fcb8 100644
--- a/tests/pkix_extensions.rs
+++ b/tests/pkix_extensions.rs
@@ -1001,6 +1001,35 @@ fn decode_idp() {
}
}
+ // Tag on second RDN in first name is TeletexString (20) instead of PrintableString (19)
+ let idp =
+ IssuingDistributionPoint::from_der(&hex!("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")).unwrap();
+ assert_eq!(idp.only_contains_ca_certs, false);
+ assert_eq!(idp.only_contains_attribute_certs, false);
+ assert_eq!(idp.only_contains_user_certs, false);
+ assert_eq!(idp.indirect_crl, true);
+ assert!(idp.only_some_reasons.is_none());
+ assert!(idp.distribution_point.is_some());
+ let dp = idp.distribution_point.unwrap();
+ match dp {
+ DistributionPointName::FullName(dp) => {
+ assert_eq!(3, dp.len());
+ for gn in dp {
+ match gn {
+ GeneralName::DirectoryName(gn) => {
+ assert_eq!(4, gn.0.len());
+ }
+ _ => {
+ panic!("Expected DirectoryName")
+ }
+ }
+ }
+ }
+ _ => {
+ panic!("Expected FullName")
+ }
+ }
+
//---------------------------------
// Negative tests
//---------------------------------
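Review bot: The relocated TeletexString case now asserts success, but it only checks the number of names (3) and RDNs (4); nothing confirms that the second RDN of the first name was actually decoded with the TeletexString tag, which is the behaviour the comment describes. Adding an assertion on that attribute value's tag (expecting `Tag::TeletexString`) would pin the new decoding path, so a regression that silently accepts the value under another type would be caught. As a smaller style point, the `assert_eq!(idp.only_contains_ca_certs, false)` lines read more directly as `assert!(!idp.only_contains_ca_certs)`. The `decode_idp` function starts and ends outside this hunk.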
@@ -1091,12 +1120,6 @@ fn decode_idp() {
let err = idp.err().unwrap();
assert_eq!(ErrorKind::Noncanonical { tag: Tag::Boolean }, err.kind());
- // Tag on second RDN in first name is TeletexString (20) instead of PrintableString (19) (and TeletexString is not supported)
- let idp =
- IssuingDistributionPoint::from_der(&hex!("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"));
- let err = idp.err().unwrap();
- assert_eq!(ErrorKind::TagUnknown { byte: 20u8.into() }, err.kind());
-
// Length on second RDN in first name indicates more bytes than are present
let idp =
IssuingDistributionPoint::from_der(&hex!("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"));
diff --git a/tests/validity.rs b/tests/validity.rs
index fcdffcd..d243773 100644
--- a/tests/validity.rs
+++ b/tests/validity.rs
@@ -89,7 +89,7 @@ fn decode_validity() {
#[test]
fn encode_validity() {
- // Decode Validity from GoodCACert.crt in NIST's PKITS certificate collection then reencode
+ // Decode Validity from GoodCACert.crt in NIST's PKITS certificate collection then re-encode
// 102 30: SEQUENCE {
// 104 13: UTCTime 01/01/2010 08:30:00 GMT
// 119 13: UTCTime 31/12/2030 08:30:00 GMT