From df4b09f8afb19df8eab2138c1eaa5a1ebb5fd2af Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Mon, 9 Aug 2021 11:15:41 -0500
Subject: [PATCH] asn1: Also pretty-print cert policies
---
lib/asn1/check-gen.c | 323 +++++++++++++++++++++----------------------
lib/asn1/rfc2459.asn1 | 25 +++-
2 files changed, 184 insertions(+), 164 deletions(-)
diff --git a/lib/asn1/check-gen.c b/lib/asn1/check-gen.c
index 57f13525d..3fb486241 100644
--- a/lib/asn1/check-gen.c
+++ b/lib/asn1/check-gen.c
@@ -2183,167 +2183,168 @@ test_ios(void) 0x75, 0x06, }; char cert_json[] = { - "{\"_type\":\"Certificate\",\"tbsCertificate\":{\"_type\":\"TBSCertificate" - "\",\"_save\":\"30820376A00302010202146A0597BA71D7E6D3AC0EDC9EDC95A15" - "B998DE40A300D06092A864886F70D01010B05003055310B30090603550406130" - "24348311E301C060355040A131553544D6963726F656C656374726F6E6963732" - "04E56312630240603550403131D53544D2054504D20454B20496E7465726D656" - "469617465204341203035301E170D3138313231343030303030305A170D32383" - "13231343030303030305A300030820122300D06092A864886F70D01010105000" - "382010F003082010A0282010100CC14EB27A78CEB0EA486FA2DF7835F5FA8E90" - "5B097012B5BDE50380C355B1A2A721BBC3D08DD21796CDB239FA95310651B1B5" - "6FD2CFE53C87352EBD996E33256160404CE9302A08066801E786A2F86E181F94" - "9966F492A85B58EAA4A6A8CB3697551BB236E87CC7BF8EC1347871C91E15437E" - "8F266BF1EA5EB271FDCF374D8B47DF8BCE89E1FAD61C2A088CB4036B359CB72A" - "294973FEDCCF0C340AFFD14B64F041165581ACA34147C1C75617047058F7ED7D" - "603E032508094FA73E8B9153DA3BF255D2CBBC5DF301BA8F74D198BEBCE86040" - "FC1D2927C7657414490D802F482F3EBF2DE35EE149A1A6DE8D16891FBFBA02A1" - "8AFE59F9D6F149744E5F0D559B10203010001A38201A9308201A5301F0603551" - "D230418301680141ADB994AB58BE57A0CC9B900E7851E1A43C08660304206035" - "51D20043B303930370604551D2000302F302D06082B060105050702011621687" - "474703A2F2F7777772E73742E636F6D2F54504D2F7265706F7369746F72792F3" - "0590603551D110101FF044F304DA44B304931163014060567810502010C0B696" - "43A353335343444323031173015060567810502020C0C5354333348545048414" - "8433031163014060567810502030C0B69643A303034393030303830670603551" - "D090460305E301706056781050210310E300C0C03322E300201000202008A304" - "306056781050212313A30380201000101FFA0030A0101A1030A0100A2030A010" - "0A310300E1603332E310A01040A01020101FFA40F300D16053134302D320A010" - "2010100300E0603551D0F0101FF040403020520300C0603551D130101FF04023" - "00030100603551D250409300706056781050801304A06082B060105050701010" - 
"43E303C303A06082B06010505073002862E687474703A2F2F7365637572652E6" - "76C6F62616C7369676E2E636F6D2F73746D74706D656B696E7430352E637274\"" - ",\"version\":\"rfc3280_version_3\",\"serialNumber\":\"6A0597BA71D7E6D3A" - "C0EDC9EDC95A15B998DE40A\",\"signature\":{\"_type\":\"AlgorithmIdentifi" - "er\",\"algorithm\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.2.840.1135" - "49.1.1.11\",\"components\":[1,2,840,113549,1,1,11],\"name\":\"id-pkcs1" - "-sha256WithRSAEncryption\"},\"parameters\":\"0500\"},\"issuer\":{\"_choi" - "ce\":\"rdnSequence\",\"value\":[[{\"_type\":\"AttributeTypeAndValue\",\"ty" - "pe\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.4.6\",\"components\":[2" - ",5,4,6],\"name\":\"id-at-countryName\"},\"value\":{\"_choice\":\"printabl" - "eString\",\"value\":\"CH\"}}],[{\"_type\":\"AttributeTypeAndValue\",\"type" - "\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.4.10\",\"components\":[2," - "5,4,10],\"name\":\"id-at-organizationName\"},\"value\":{\"_choice\":\"pri" - "ntableString\",\"value\":\"STMicroelectronics NV\"}}],[{\"_type\":\"Attr" - "ibuteTypeAndValue\",\"type\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2." - "5.4.3\",\"components\":[2,5,4,3],\"name\":\"id-at-commonName\"},\"value\"" - ":{\"_choice\":\"printableString\",\"value\":\"STM TPM EK Intermediate C" - "A 05\"}}]]},\"validity\":{\"_type\":\"Validity\",\"notBefore\":{\"_choice\"" - ":\"utcTime\",\"value\":\"2018-12-14T00:00:00Z\"},\"notAfter\":{\"_choice\"" - ":\"utcTime\",\"value\":\"2028-12-14T00:00:00Z\"}},\"subject\":{\"_choice\"" - ":\"rdnSequence\",\"value\":[]},\"subjectPublicKeyInfo\":{\"_type\":\"Subj" - "ectPublicKeyInfo\",\"algorithm\":{\"_type\":\"AlgorithmIdentifier\",\"al" - "gorithm\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.2.840.113549.1.1." 
- "1\",\"components\":[1,2,840,113549,1,1,1],\"name\":\"id-pkcs1-rsaEncry" - "ption\"},\"parameters\":\"0500\"},\"subjectPublicKey\":\"2160:3082010A02" - "82010100CC14EB27A78CEB0EA486FA2DF7835F5FA8E905B097012B5BDE50380C" - "355B1A2A721BBC3D08DD21796CDB239FA95310651B1B56FD2CFE53C87352EBD9" - "96E33256160404CE9302A08066801E786A2F86E181F949966F492A85B58EAA4A" - "6A8CB3697551BB236E87CC7BF8EC1347871C91E15437E8F266BF1EA5EB271FDC" - "F374D8B47DF8BCE89E1FAD61C2A088CB4036B359CB72A294973FEDCCF0C340AF" - "FD14B64F041165581ACA34147C1C75617047058F7ED7D603E032508094FA73E8" - "B9153DA3BF255D2CBBC5DF301BA8F74D198BEBCE86040FC1D2927C7657414490" - "D802F482F3EBF2DE35EE149A1A6DE8D16891FBFBA02A18AFE59F9D6F149744E5" - "F0D559B10203010001\"},\"issuerUniqueID\":null,\"subjectUniqueID\":nul" - "l,\"extensions\":[{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT I" - "DENTIFIER\",\"oid\":\"2.5.29.35\",\"components\":[2,5,29,35],\"name\":\"id" - "-x509-ce-authorityKeyIdentifier\"},\"critical\":false,\"extnValue\":\"" - "301680141ADB994AB58BE57A0CC9B900E7851E1A43C08660\",\"_extnValue_ch" - "oice\":\"ext-AuthorityKeyIdentifier\",\"_extnValue\":{\"_type\":\"Author" - "ityKeyIdentifier\",\"keyIdentifier\":\"1ADB994AB58BE57A0CC9B900E7851" - "E1A43C08660\",\"authorityCertIssuer\":null,\"authorityCertSerialNumb" - "er\":null}},{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTI" - "FIER\",\"oid\":\"2.5.29.32\",\"components\":[2,5,29,32],\"name\":\"id-x509" - "-ce-certificatePolicies\"},\"critical\":false,\"extnValue\":\"30393037" - "0604551D2000302F302D06082B060105050702011621687474703A2F2F777777" - "2E73742E636F6D2F54504D2F7265706F7369746F72792F\",\"_extnValue_choi" - "ce\":\"ext-CertificatePolicies\",\"_extnValue\":[{\"_type\":\"PolicyInfo" - "rmation\",\"policyIdentifier\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"" - "2.5.29.32.0\",\"components\":[2,5,29,32,0],\"name\":\"id-x509-ce-certi" - "ficatePolicies-anyPolicy\"},\"policyQualifiers\":[{\"_type\":\"PolicyQ" - 
"ualifierInfo\",\"policyQualifierId\":{\"_type\":\"OBJECT IDENTIFIER\",\"" - "oid\":\"1.3.6.1.5.5.7.2.1\",\"components\":[1,3,6,1,5,5,7,2,1],\"name\"" - ":\"id-pkix-qt-cps\"},\"qualifier\":\"1621687474703A2F2F7777772E73742E" - "636F6D2F54504D2F7265706F7369746F72792F\"}]}]},{\"_type\":\"Extension" - "\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.17\",\"compo" - "nents\":[2,5,29,17],\"name\":\"id-x509-ce-subjectAltName\"},\"critical" - "\":true,\"extnValue\":\"304DA44B304931163014060567810502010C0B69643A" - "353335343444323031173015060567810502020C0C5354333348545048414843" - "3031163014060567810502030C0B69643A3030343930303038\",\"_extnValue_" - "choice\":\"ext-SubjectAltName\",\"_extnValue\":[{\"_choice\":\"directory" - "Name\",\"value\":{\"_choice\":\"rdnSequence\",\"value\":[[{\"_type\":\"Attri" - "buteTypeAndValue\",\"type\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.2" - "3.133.2.1\",\"components\":[2,23,133,2,1],\"name\":\"tcg-at-tpmManufac" - "turer\"},\"value\":{\"_choice\":\"utf8String\",\"value\":\"id:53544D20\"}}]" - ",[{\"_type\":\"AttributeTypeAndValue\",\"type\":{\"_type\":\"OBJECT IDENT" - "IFIER\",\"oid\":\"2.23.133.2.2\",\"components\":[2,23,133,2,2],\"name\":\"" - "tcg-at-tpmModel\"},\"value\":{\"_choice\":\"utf8String\",\"value\":\"ST33H" - "TPHAHC0\"}}],[{\"_type\":\"AttributeTypeAndValue\",\"type\":{\"_type\":\"O" - "BJECT IDENTIFIER\",\"oid\":\"2.23.133.2.3\",\"components\":[2,23,133,2," - "3],\"name\":\"tcg-at-tpmVersion\"},\"value\":{\"_choice\":\"utf8String\",\"" - "value\":\"id:00490008\"}}]]}}]},{\"_type\":\"Extension\",\"extnID\":{\"_ty" - "pe\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.9\",\"components\":[2,5,29,9]" - ",\"name\":\"id-x509-ce-subjectDirectoryAttributes\"},\"critical\":fals" - "e,\"extnValue\":\"305E301706056781050210310E300C0C03322E30020100020" - "2008A304306056781050212313A30380201000101FFA0030A0101A1030A0100A" - "2030A0100A310300E1603332E310A01040A01020101FFA40F300D16053134302" - 
"D320A0102010100\",\"_extnValue_choice\":\"ext-SubjectDirectoryAttrib" - "utes\",\"_extnValue\":[{\"_type\":\"AttributeSet\",\"type\":{\"_type\":\"OBJ" - "ECT IDENTIFIER\",\"oid\":\"2.23.133.2.16\",\"components\":[2,23,133,2,1" - "6],\"name\":\"tcg-at-tpmSpecification\"},\"values\":[\"300C0C03322E3002" - "01000202008A\"],\"_values_choice\":\"at-TPMSpecification\",\"_values\":" - "[{\"_type\":\"TPMSpecification\",\"family\":\"2.0\",\"level\":0,\"revision\"" - ":138}]},{\"_type\":\"AttributeSet\",\"type\":{\"_type\":\"OBJECT IDENTIFI" - "ER\",\"oid\":\"2.23.133.2.18\",\"components\":[2,23,133,2,18],\"name\":\"t" - "cg-at-tpmSecurityAssertions\"},\"values\":[\"30380201000101FFA0030A0" - "101A1030A0100A2030A0100A310300E1603332E310A01040A01020101FFA40F3" - "00D16053134302D320A0102010100\"],\"_values_choice\":\"at-TPMSecurity" - "Assertions\",\"_values\":[{\"_type\":\"TPMSecurityAssertions\",\"version" - "\":0,\"fieldUpgradable\":true,\"ekGenerationType\":\"ekgt-injected\",\"e" - "kGenerationLocation\":\"tpmManufacturer\",\"ekCertificateGenerationL" - "ocation\":\"tpmManufacturer\",\"ccInfo\":{\"_type\":\"CommonCriteriaMeas" - "ures\",\"version\":\"3.1\",\"assurancelevel\":\"ealevel4\",\"evaluationSta" - "tus\":\"evaluationCompleted\",\"plus\":true,\"strengthOfFunction\":null" - ",\"profileOid\":null,\"profileUri\":null,\"targetOid\":null,\"targetUri" - "\":null},\"fipsLevel\":{\"_type\":\"FIPSLevel\",\"version\":\"140-2\",\"leve" - "l\":\"sllevel2\",\"plus\":false},\"iso9000Certified\":false,\"iso9000Uri" - "\":null}]}]},{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENT" - "IFIER\",\"oid\":\"2.5.29.15\",\"components\":[2,5,29,15],\"name\":\"id-x50" - "9-ce-keyUsage\"},\"critical\":true,\"extnValue\":\"03020520\",\"_extnVal" - "ue_choice\":\"ext-KeyUsage\",\"_extnValue\":[\"keyEncipherment\"]},{\"_t" - "ype\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2." 
- "5.29.19\",\"components\":[2,5,29,19],\"name\":\"id-x509-ce-basicConstr" - "aints\"},\"critical\":true,\"extnValue\":\"3000\",\"_extnValue_choice\":\"" - "ext-BasicConstraints\",\"_extnValue\":{\"_type\":\"BasicConstraints\",\"" - "cA\":false,\"pathLenConstraint\":null}},{\"_type\":\"Extension\",\"extnI" - "D\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.37\",\"components\":[" - "2,5,29,37],\"name\":\"id-x509-ce-extKeyUsage\"},\"critical\":false,\"ex" - "tnValue\":\"300706056781050801\",\"_extnValue_choice\":\"ext-ExtKeyUsa" - "ge\",\"_extnValue\":[{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.8" - ".1\",\"components\":[2,23,133,8,1],\"name\":\"tcg-kp-EKCertificate\"}]}" - ",{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid" - "\":\"1.3.6.1.5.5.7.1.1\",\"components\":[1,3,6,1,5,5,7,1,1],\"name\":\"i" - "d-pkix-pe-authorityInfoAccess\"},\"critical\":false,\"extnValue\":\"30" - "3C303A06082B06010505073002862E687474703A2F2F7365637572652E676C6F" - "62616C7369676E2E636F6D2F73746D74706D656B696E7430352E637274\",\"_ex" - "tnValue_choice\":\"ext-AuthorityInfoAccess\",\"_extnValue\":[{\"_type\"" - ":\"AccessDescription\",\"accessMethod\":{\"_type\":\"OBJECT IDENTIFIER\"" - ",\"oid\":\"1.3.6.1.5.5.7.48.2\",\"components\":[1,3,6,1,5,5,7,48,2],\"n" - "ame\":\"id-pkix-ad-caIssuers\"},\"accessLocation\":{\"_choice\":\"unifor" - "mResourceIdentifier\",\"value\":\"http://secure.globalsign.com/stmtp" - "mekint05.crt\"}}]}]},\"signatureAlgorithm\":{\"_type\":\"AlgorithmIden" - "tifier\",\"algorithm\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.2.840." 
- "113549.1.1.11\",\"components\":[1,2,840,113549,1,1,11],\"name\":\"id-p" - "kcs1-sha256WithRSAEncryption\"},\"parameters\":\"0500\"},\"signatureVa" - "lue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}" - }; + "{\"_type\":\"Certificate\",\"tbsCertificate\":{\"_type\":\"TBSCertificate" + "\",\"_save\":\"30820376A00302010202146A0597BA71D7E6D3AC0EDC9EDC95A15" + "B998DE40A300D06092A864886F70D01010B05003055310B30090603550406130" + "24348311E301C060355040A131553544D6963726F656C656374726F6E6963732" + "04E56312630240603550403131D53544D2054504D20454B20496E7465726D656" + "469617465204341203035301E170D3138313231343030303030305A170D32383" + "13231343030303030305A300030820122300D06092A864886F70D01010105000" + "382010F003082010A0282010100CC14EB27A78CEB0EA486FA2DF7835F5FA8E90" + "5B097012B5BDE50380C355B1A2A721BBC3D08DD21796CDB239FA95310651B1B5" + "6FD2CFE53C87352EBD996E33256160404CE9302A08066801E786A2F86E181F94" + "9966F492A85B58EAA4A6A8CB3697551BB236E87CC7BF8EC1347871C91E15437E" + "8F266BF1EA5EB271FDCF374D8B47DF8BCE89E1FAD61C2A088CB4036B359CB72A" + "294973FEDCCF0C340AFFD14B64F041165581ACA34147C1C75617047058F7ED7D" + "603E032508094FA73E8B9153DA3BF255D2CBBC5DF301BA8F74D198BEBCE86040" + "FC1D2927C7657414490D802F482F3EBF2DE35EE149A1A6DE8D16891FBFBA02A1" + "8AFE59F9D6F149744E5F0D559B10203010001A38201A9308201A5301F0603551" + "D230418301680141ADB994AB58BE57A0CC9B900E7851E1A43C08660304206035" + "51D20043B303930370604551D2000302F302D06082B060105050702011621687" + "474703A2F2F7777772E73742E636F6D2F54504D2F7265706F7369746F72792F3" + "0590603551D110101FF044F304DA44B304931163014060567810502010C0B696" + "43A353335343444323031173015060567810502020C0C5354333348545048414" + "8433031163014060567810502030C0B69643A303034393030303830670603551" + "D090460305E301706056781050210310E300C0C03322E300201000202008A304" + "306056781050212313A30380201000101FFA0030A0101A1030A0100A2030A010" + "0A310300E1603332E310A01040A01020101FFA40F300D16053134302D320A010" + 
"2010100300E0603551D0F0101FF040403020520300C0603551D130101FF04023" + "00030100603551D250409300706056781050801304A06082B060105050701010" + "43E303C303A06082B06010505073002862E687474703A2F2F7365637572652E6" + "76C6F62616C7369676E2E636F6D2F73746D74706D656B696E7430352E637274\"" + ",\"version\":\"rfc3280_version_3\",\"serialNumber\":\"6A0597BA71D7E6D3A" + "C0EDC9EDC95A15B998DE40A\",\"signature\":{\"_type\":\"AlgorithmIdentifi" + "er\",\"algorithm\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.2.840.1135" + "49.1.1.11\",\"components\":[1,2,840,113549,1,1,11],\"name\":\"id-pkcs1" + "-sha256WithRSAEncryption\"},\"parameters\":\"0500\"},\"issuer\":{\"_choi" + "ce\":\"rdnSequence\",\"value\":[[{\"_type\":\"AttributeTypeAndValue\",\"ty" + "pe\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.4.6\",\"components\":[2" + ",5,4,6],\"name\":\"id-at-countryName\"},\"value\":{\"_choice\":\"printabl" + "eString\",\"value\":\"CH\"}}],[{\"_type\":\"AttributeTypeAndValue\",\"type" + "\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.4.10\",\"components\":[2," + "5,4,10],\"name\":\"id-at-organizationName\"},\"value\":{\"_choice\":\"pri" + "ntableString\",\"value\":\"STMicroelectronics NV\"}}],[{\"_type\":\"Attr" + "ibuteTypeAndValue\",\"type\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2." + "5.4.3\",\"components\":[2,5,4,3],\"name\":\"id-at-commonName\"},\"value\"" + ":{\"_choice\":\"printableString\",\"value\":\"STM TPM EK Intermediate C" + "A 05\"}}]]},\"validity\":{\"_type\":\"Validity\",\"notBefore\":{\"_choice\"" + ":\"utcTime\",\"value\":\"2018-12-14T00:00:00Z\"},\"notAfter\":{\"_choice\"" + ":\"utcTime\",\"value\":\"2028-12-14T00:00:00Z\"}},\"subject\":{\"_choice\"" + ":\"rdnSequence\",\"value\":[]},\"subjectPublicKeyInfo\":{\"_type\":\"Subj" + "ectPublicKeyInfo\",\"algorithm\":{\"_type\":\"AlgorithmIdentifier\",\"al" + "gorithm\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.2.840.113549.1.1." 
+ "1\",\"components\":[1,2,840,113549,1,1,1],\"name\":\"id-pkcs1-rsaEncry" + "ption\"},\"parameters\":\"0500\"},\"subjectPublicKey\":\"2160:3082010A02" + "82010100CC14EB27A78CEB0EA486FA2DF7835F5FA8E905B097012B5BDE50380C" + "355B1A2A721BBC3D08DD21796CDB239FA95310651B1B56FD2CFE53C87352EBD9" + "96E33256160404CE9302A08066801E786A2F86E181F949966F492A85B58EAA4A" + "6A8CB3697551BB236E87CC7BF8EC1347871C91E15437E8F266BF1EA5EB271FDC" + "F374D8B47DF8BCE89E1FAD61C2A088CB4036B359CB72A294973FEDCCF0C340AF" + "FD14B64F041165581ACA34147C1C75617047058F7ED7D603E032508094FA73E8" + "B9153DA3BF255D2CBBC5DF301BA8F74D198BEBCE86040FC1D2927C7657414490" + "D802F482F3EBF2DE35EE149A1A6DE8D16891FBFBA02A18AFE59F9D6F149744E5" + "F0D559B10203010001\"},\"issuerUniqueID\":null,\"subjectUniqueID\":nul" + "l,\"extensions\":[{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT I" + "DENTIFIER\",\"oid\":\"2.5.29.35\",\"components\":[2,5,29,35],\"name\":\"id" + "-x509-ce-authorityKeyIdentifier\"},\"critical\":false,\"extnValue\":\"" + "301680141ADB994AB58BE57A0CC9B900E7851E1A43C08660\",\"_extnValue_ch" + "oice\":\"ext-AuthorityKeyIdentifier\",\"_extnValue\":{\"_type\":\"Author" + "ityKeyIdentifier\",\"keyIdentifier\":\"1ADB994AB58BE57A0CC9B900E7851" + "E1A43C08660\",\"authorityCertIssuer\":null,\"authorityCertSerialNumb" + "er\":null}},{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTI" + "FIER\",\"oid\":\"2.5.29.32\",\"components\":[2,5,29,32],\"name\":\"id-x509" + "-ce-certificatePolicies\"},\"critical\":false,\"extnValue\":\"30393037" + "0604551D2000302F302D06082B060105050702011621687474703A2F2F777777" + "2E73742E636F6D2F54504D2F7265706F7369746F72792F\",\"_extnValue_choi" + "ce\":\"ext-CertificatePolicies\",\"_extnValue\":[{\"_type\":\"PolicyInfo" + "rmation\",\"policyIdentifier\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"" + "2.5.29.32.0\",\"components\":[2,5,29,32,0],\"name\":\"id-x509-ce-certi" + "ficatePolicies-anyPolicy\"},\"policyQualifiers\":[{\"_type\":\"PolicyQ" + 
"ualifierInfo\",\"policyQualifierId\":{\"_type\":\"OBJECT IDENTIFIER\",\"" + "oid\":\"1.3.6.1.5.5.7.2.1\",\"components\":[1,3,6,1,5,5,7,2,1],\"name\"" + ":\"id-pkix-qt-cps\"},\"qualifier\":\"1621687474703A2F2F7777772E73742E" + "636F6D2F54504D2F7265706F7369746F72792F\",\"_qualifier_choice\":\"pq-" + "CPS\"}]}]},{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIF" + "IER\",\"oid\":\"2.5.29.17\",\"components\":[2,5,29,17],\"name\":\"id-x509-" + "ce-subjectAltName\"},\"critical\":true,\"extnValue\":\"304DA44B3049311" + "63014060567810502010C0B69643A35333534344432303117301506056781050" + "2020C0C53543333485450484148433031163014060567810502030C0B69643A3" + "030343930303038\",\"_extnValue_choice\":\"ext-SubjectAltName\",\"_extn" + "Value\":[{\"_choice\":\"directoryName\",\"value\":{\"_choice\":\"rdnSequen" + "ce\",\"value\":[[{\"_type\":\"AttributeTypeAndValue\",\"type\":{\"_type\":\"" + "OBJECT IDENTIFIER\",\"oid\":\"2.23.133.2.1\",\"components\":[2,23,133,2" + ",1],\"name\":\"tcg-at-tpmManufacturer\"},\"value\":{\"_choice\":\"utf8Str" + "ing\",\"value\":\"id:53544D20\"}}],[{\"_type\":\"AttributeTypeAndValue\"," + "\"type\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.2.2\",\"compon" + "ents\":[2,23,133,2,2],\"name\":\"tcg-at-tpmModel\"},\"value\":{\"_choice" + "\":\"utf8String\",\"value\":\"ST33HTPHAHC0\"}}],[{\"_type\":\"AttributeTyp" + "eAndValue\",\"type\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.2" + ".3\",\"components\":[2,23,133,2,3],\"name\":\"tcg-at-tpmVersion\"},\"val" + "ue\":{\"_choice\":\"utf8String\",\"value\":\"id:00490008\"}}]]}}]},{\"_typ" + "e\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5." 
+ "29.9\",\"components\":[2,5,29,9],\"name\":\"id-x509-ce-subjectDirector" + "yAttributes\"},\"critical\":false,\"extnValue\":\"305E3017060567810502" + "10310E300C0C03322E300201000202008A304306056781050212313A30380201" + "000101FFA0030A0101A1030A0100A2030A0100A310300E1603332E310A01040A" + "01020101FFA40F300D16053134302D320A0102010100\",\"_extnValue_choice" + "\":\"ext-SubjectDirectoryAttributes\",\"_extnValue\":[{\"_type\":\"Attri" + "buteSet\",\"type\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.2.1" + "6\",\"components\":[2,23,133,2,16],\"name\":\"tcg-at-tpmSpecification\"" + "},\"values\":[\"300C0C03322E300201000202008A\"],\"_values_choice\":\"at" + "-TPMSpecification\",\"_values\":[{\"_type\":\"TPMSpecification\",\"famil" + "y\":\"2.0\",\"level\":0,\"revision\":138}]},{\"_type\":\"AttributeSet\",\"ty" + "pe\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.2.18\",\"componen" + "ts\":[2,23,133,2,18],\"name\":\"tcg-at-tpmSecurityAssertions\"},\"valu" + "es\":[\"30380201000101FFA0030A0101A1030A0100A2030A0100A310300E1603" + "332E310A01040A01020101FFA40F300D16053134302D320A0102010100\"],\"_v" + "alues_choice\":\"at-TPMSecurityAssertions\",\"_values\":[{\"_type\":\"TP" + "MSecurityAssertions\",\"version\":0,\"fieldUpgradable\":true,\"ekGener" + "ationType\":\"ekgt-injected\",\"ekGenerationLocation\":\"tpmManufactur" + "er\",\"ekCertificateGenerationLocation\":\"tpmManufacturer\",\"ccInfo\"" + ":{\"_type\":\"CommonCriteriaMeasures\",\"version\":\"3.1\",\"assurancelev" + "el\":\"ealevel4\",\"evaluationStatus\":\"evaluationCompleted\",\"plus\":t" + "rue,\"strengthOfFunction\":null,\"profileOid\":null,\"profileUri\":nul" + "l,\"targetOid\":null,\"targetUri\":null},\"fipsLevel\":{\"_type\":\"FIPSL" + "evel\",\"version\":\"140-2\",\"level\":\"sllevel2\",\"plus\":false},\"iso900" + "0Certified\":false,\"iso9000Uri\":null}]}]},{\"_type\":\"Extension\",\"e" + "xtnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.15\",\"component" + 
"s\":[2,5,29,15],\"name\":\"id-x509-ce-keyUsage\"},\"critical\":true,\"ex" + "tnValue\":\"03020520\",\"_extnValue_choice\":\"ext-KeyUsage\",\"_extnVal" + "ue\":[\"keyEncipherment\"]},{\"_type\":\"Extension\",\"extnID\":{\"_type\":" + "\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.19\",\"components\":[2,5,29,19],\"" + "name\":\"id-x509-ce-basicConstraints\"},\"critical\":true,\"extnValue\"" + ":\"3000\",\"_extnValue_choice\":\"ext-BasicConstraints\",\"_extnValue\":" + "{\"_type\":\"BasicConstraints\",\"cA\":false,\"pathLenConstraint\":null}" + "},{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oi" + "d\":\"2.5.29.37\",\"components\":[2,5,29,37],\"name\":\"id-x509-ce-extKe" + "yUsage\"},\"critical\":false,\"extnValue\":\"300706056781050801\",\"_ext" + "nValue_choice\":\"ext-ExtKeyUsage\",\"_extnValue\":[{\"_type\":\"OBJECT " + "IDENTIFIER\",\"oid\":\"2.23.133.8.1\",\"components\":[2,23,133,8,1],\"na" + "me\":\"tcg-kp-EKCertificate\"}]},{\"_type\":\"Extension\",\"extnID\":{\"_t" + "ype\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.1.1\",\"components\":" + "[1,3,6,1,5,5,7,1,1],\"name\":\"id-pkix-pe-authorityInfoAccess\"},\"cr" + "itical\":false,\"extnValue\":\"303C303A06082B06010505073002862E68747" + "4703A2F2F7365637572652E676C6F62616C7369676E2E636F6D2F73746D74706" + "D656B696E7430352E637274\",\"_extnValue_choice\":\"ext-AuthorityInfoA" + "ccess\",\"_extnValue\":[{\"_type\":\"AccessDescription\",\"accessMethod\"" + ":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.48.2\",\"compon" + "ents\":[1,3,6,1,5,5,7,48,2],\"name\":\"id-pkix-ad-caIssuers\"},\"acces" + "sLocation\":{\"_choice\":\"uniformResourceIdentifier\",\"value\":\"http:" + "//secure.globalsign.com/stmtpmekint05.crt\"}}]}]},\"signatureAlgor" + "ithm\":{\"_type\":\"AlgorithmIdentifier\",\"algorithm\":{\"_type\":\"OBJEC" + "T IDENTIFIER\",\"oid\":\"1.2.840.113549.1.1.11\",\"components\":[1,2,84" + "0,113549,1,1,11],\"name\":\"id-pkcs1-sha256WithRSAEncryption\"},\"par" + 
"ameters\":\"0500\"},\"signatureValue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}" + }; heim_octet_string os; Certificate c0, c1; size_t i, nknown, size; diff --git a/lib/asn1/rfc2459.asn1 b/lib/asn1/rfc2459.asn1 index ecd525bdb..438b2a632 100644 --- a/lib/asn1/rfc2459.asn1 +++ b/lib/asn1/rfc2459.asn1 @@ -382,12 +382,17 @@ PrivateKeyUsagePeriod ::= SEQUENCE { -- certificate policies extension OID and syntax +_POLICYQUALIFIERINFO ::= CLASS { -- Heimdal extension + &id OBJECT IDENTIFIER UNIQUE, + &Type +} + CertPolicyId ::= OBJECT IDENTIFIER PolicyQualifierId ::= OBJECT IDENTIFIER -- ( id-qt-cps | id-qt-unotice ) -PolicyQualifierInfo ::= SEQUENCE { - policyQualifierId PolicyQualifierId, - qualifier HEIM_ANY -- ANY DEFINED BY policyQualifierId +PolicyQualifierInfo{_POLICYQUALIFIERINFO:PolicyQualifierSet} ::= SEQUENCE { + policyQualifierId _POLICYQUALIFIERINFO.&id({PolicyQualifierSet}), + qualifier _POLICYQUALIFIERINFO.&Type({PolicyQualifierSet}{@policyQualifierId}) } PolicyQualifierInfos ::= SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo @@ -1178,4 +1183,18 @@ id-pkix-ad-caIssuers OBJECT IDENTIFIER ::= { id-pkix-ad 2 } id-pkix-ad-timeStamping OBJECT IDENTIFIER ::= { id-pkix-ad 3 } id-pkix-ad-caRepository OBJECT IDENTIFIER ::= { id-pkix-ad 5 } +pq-CPS _POLICYQUALIFIERINFO ::= { + &id id-pkix-qt-cps, + &Type AliasIA5String +} +pq-UserNotice _POLICYQUALIFIERINFO ::= { + &id id-pkix-qt-unotice, + &Type UserNotice +} +KnownPolicyQualifiers _POLICYQUALIFIERINFO ::= { + pq-CPS + | pq-UserNotice +} +PolicyQualifierInfo ::= PolicyQualifierInfo{KnownPolicyQualifiers} + END
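Review bot: The new expected `cert_json` pins `\"_qualifier_choice\":\"pq-CPS\"` for the certificatePolicies qualifier, but in the visible text no decoded `_qualifier` member follows it, whereas the other open types in this vector pair the two (`_extnValue_choice` with `_extnValue`, `_values_choice` with `_values`). As written the test accepts output in which the CPS URI is still present only as the hex `1621687474703A2F2F…`, so it would not catch a printer that recognises the qualifier OID yet never emits the decoded string. If that omission is intended, a short comment above `cert_json` saying so would help; otherwise the expected string should carry the decoded member. The vector also holds only a CPS qualifier, so the `pq-UserNotice` object added in rfc2459.asn1 is not exercised here; `test_ios()` begins and ends outside the hunk.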
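Review bot: `KnownPolicyQualifiers` is a closed object set (`pq-CPS | pq-UserNotice`), and neither rfc2459.asn1 hunk says what decoding does with a `policyQualifierId` outside it or with a `qualifier` that does not parse as the type selected for its id. Before this change `qualifier` was an opaque `HEIM_ANY`; now bytes taken from the certificate being inspected are interpreted as `AliasIA5String` or `UserNotice`, and whether a malformed qualifier makes the whole `Certificate` decode fail cannot be seen from these lines. A comment on the set stating the intended behaviour, for instance `-- unknown or undecodable qualifiers stay available as raw bytes in qualifier` if that is what happens, together with test vectors holding a userNotice qualifier and an unrecognised qualifier OID, would pin it down. The comment `-- ( id-qt-cps | id-qt-unotice )` also remains on `PolicyQualifierId`, which the rewritten `PolicyQualifierInfo` no longer references in the lines shown.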