From 09dac85eca33fb4f4ccf2d156769ff9507b437a2 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Thu, 8 May 2008 17:58:11 +0000
Subject: Compensate for ancient EmailAddress attribute braindamage deprecated
 by RFC 3280 but still allowed in subject names.  Feh.

svn path=/pow/POW-0.7/lib/pkix.py; revision=1753
---
 pow/POW-0.7/lib/pkix.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'pow/POW-0.7/lib/pkix.py')

diff --git a/pow/POW-0.7/lib/pkix.py b/pow/POW-0.7/lib/pkix.py
index d2aa942c..b47aee56 100755
--- a/pow/POW-0.7/lib/pkix.py
+++ b/pow/POW-0.7/lib/pkix.py
@@ -333,13 +333,20 @@ class Validity(Sequence):
       contents = [self.notBefore, self.notAfter]
       Sequence.__init__(self, contents, optional, default)
 
+# IA5String should not be allowed in DirectoryString, but old
+# implementations (deprecated but not quite outlawed by RFC 3280)
+# sometimes use it for EmailAddress attributes in subject names, which
+# triggers decode failures here unless we violate RFC 3280 by allowing
+# IA5String.  Do not use, do not use, do not use.
+
 class DirectoryString(Choice):
    def __init__(self, optional=0, default=''):
       choices =   {  'teletexString'            :  T61String(),
                      'printableString'          :  PrintableString(),
                      'universalString'          :  UniversalString(),
                      'bmpString'                :  BmpString(),
-                     'utf8String'               :  Utf8String()   } 
+                     'utf8String'               :  Utf8String(),
+                     'ia5String'                :  IA5String()    } 
 
       Choice.__init__(self, choices, optional, default)
 
-- 
cgit v1.2.3