Encoded UID DN fields as DirectoryString (e.g., PrintableString), not

as IA5String.  Add IA5String as a CHOICE for DirectoryString, to deal
with backwards compatibility if there are IA5String UID fields out
there that were generated by older versions.  Reported by Max
Kellermann <max@duempel.org>.

1 files changed, 6 insertions, 2 deletions

diff --git a/lib/pkix.asn b/lib/pkix.asn
index 52e6f109fd..979ff9c0ac 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -114,7 +114,11 @@ DirectoryString ::= CHOICE {
       printableString           PrintableString (SIZE (1..MAX)),
       universalString           UniversalString (SIZE (1..MAX)),
       utf8String              UTF8String (SIZE (1..MAX)),
-      bmpString               BMPString (SIZE(1..MAX))   }
+      bmpString               BMPString (SIZE(1..MAX)),
+      -- IA5String is added here to handle old UID encoded as ia5String --
+      -- See tests/userid/ for more information.  It shouldn't be here, --
+      -- so if it causes problems, considering dropping it. --
+      ia5String               IA5String (SIZE(1..MAX)) }
 
 id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
 
@@ -1187,7 +1191,7 @@ ldap-DC ::= IA5String
 
 id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 }
 
-ldap-UID ::= IA5String
+ldap-UID ::= DirectoryString
 
 -- rfc3039