Correct tagging in cms.AttCertIssuer #220
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Another tagging issue with X.509 attribute certificates (compare #218 and #219). This one is a bit more fundamental, since it affects all V2 attribute certificates.
While doing some interoperability testing with other tooling that handles X.509 attribute certificates (BouncyCastle, as it happens), I discovered that neither library was able to parse the other's ACs.
After doing some digging, I found that the definition of
AttCertIssuer
inasn1crypto
has a typo: since the ASN.1 module uses implicit tags (see e.g. RFC 5755), thev2_form
alternative needs to be tagged implicitly, not explicitly.Side note: the rule mandating that all choice types be tagged explicitly only applies to the case where the tag's "argument" is a choice type, not to tagging within a choice type.
I've fixed the issue and added a regression test (using a pathological AC without any attributes).