diff options
| author | Jack Lloyd <[email protected]> | 2021-01-13 08:16:21 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2021-01-13 08:59:36 -0500 |
| commit | c015b7d604588b29395358d53b63956cdc38dd3a (patch) | |
| tree | 57afdd42d4e2fbd695c5a473d71aed4c644403bc /src/tests/unit_x509.cpp | |
| parent | ad751001a1c3a268852bdab5f6d7fdc96cacfc07 (diff) | |
Decode ASN.1 TeletexStrings strings correctly
Or at least less incorrectly.
These were asserted to be UTF-8 subsets which is totally wrong. Now we
decode it as a ISO-8859-1 string. This is also wrong, but it seems the
majority of implementations which used TeletexString actually used
Latin1 instead of T.61 encoding.
RFC 3280 says that implemenations should try to accept either
ISO-8859-1 or T.61 in TeletexString. I'm honestly not sure how or if
it is possible to distinguish them reliably.
TeletexString has been "SHOULD NOT" since 2002 so hopefully there are
very few such certificates still valid.
Diffstat (limited to 'src/tests/unit_x509.cpp')
| -rw-r--r-- | src/tests/unit_x509.cpp | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 33799cf09..6aec4d5ec 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -562,6 +562,30 @@ Test::Result test_x509_bmpstring() return result; } +Test::Result test_x509_teletex() + { + Test::Result result("X509 with TeletexString encoded fields"); + + try + { + Botan::X509_Certificate teletex_cert(Test::data_file("x509/misc/teletex_dn.der")); + + const Botan::X509_DN& issuer_dn = teletex_cert.issuer_dn(); + + const std::string common_name = + "neam Gesellschaft f\xc3\xbcr Kommunikationsl\xc3\xb6sungen mbH"; + + result.test_eq("O", issuer_dn.get_first_attribute("O"), "neam CA"); + result.test_eq("CN", issuer_dn.get_first_attribute("CN"), common_name); + } + catch (const Botan::Decoding_Error &ex) + { + result.test_failure(ex.what()); + } + + return result; + } + Test::Result test_x509_authority_info_access_extension() { Test::Result result("X509 with PKIX.AuthorityInformationAccess extension"); @@ -1715,6 +1739,7 @@ class X509_Cert_Unit_Tests final : public Test #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) results.push_back(test_x509_utf8()); results.push_back(test_x509_bmpstring()); + results.push_back(test_x509_teletex()); results.push_back(test_crl_dn_name()); results.push_back(test_x509_decode_list()); results.push_back(test_rsa_oaep()); |