Add support for subjectAltName's otherName entity

Lack of otherName support break https connection to some servers: CACert, for example, automatically adds an id-on-xmppAddr[1] object for each subjectAltName. This result in the following exception: PyAsn1Error: TagSet(Tag(tagClass=0, tagFormat=0, tagId=6), Tag(tagClass=128, tagFormat=32, tagId=0)) not in asn1Spec: GeneralName() Other CA might do similar things... [1]: RFC3920 (XMPP Core) section 5.1 & 5.1.1
Gu1 · Dec 26, 2013 · 50289e2 · 50289e2
1 parent 9eea189
commit 50289e2
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/ndg/httpsclient/subj_alt_name.py b/ndg/httpsclient/subj_alt_name.py
@@ -99,12 +99,21 @@ class Extensions(univ.SequenceOf):
     sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
 
 
+class AnotherName(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('type-id', univ.ObjectIdentifier()),
+        namedtype.NamedType('value', univ.Any().subtype(
+                            explicitTag=tag.Tag(tag.tagClassContext,
+                                                tag.tagFormatSimple, 0)))
+        )
+
+
 class GeneralName(univ.Choice):
     '''ASN.1 configuration for X.509 certificate subjectAltNames fields'''
     componentType = namedtype.NamedTypes(
-#        namedtype.NamedType('otherName', AnotherName().subtype(
-#                            implicitTag=tag.Tag(tag.tagClassContext,
-#                                                tag.tagFormatSimple, 0))),
+        namedtype.NamedType('otherName', AnotherName().subtype(
+                            implicitTag=tag.Tag(tag.tagClassContext,
+                                                tag.tagFormatSimple, 0))),
         namedtype.NamedType('rfc822Name', char.IA5String().subtype(
                             implicitTag=tag.Tag(tag.tagClassContext,
                                                 tag.tagFormatSimple, 1))),