From 87b2749c52e688c809f1861e55d958c64147493c Mon Sep 17 00:00:00 2001
From: Andrea De Pasquale <447065+adepasquale@users.noreply.github.com>
Date: Thu, 19 Mar 2020 20:23:35 +0100
Subject: Allow NameAttribute.value to be an empty string (#5109)

* Allow NameAttribute.value to be an empty string

RFC 4514 https://tools.ietf.org/html/rfc4514 does not mention that
"AttributeValue" can not be an empty (zero-length) string.

Fixes #5106

* reverse order to match fix from another PR

Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
---
 src/cryptography/x509/name.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/x509/name.py b/src/cryptography/x509/name.py
index 922cab5a..6816e063 100644
--- a/src/cryptography/x509/name.py
+++ b/src/cryptography/x509/name.py
@@ -54,6 +54,9 @@ _NAMEOID_TO_NAME = {
 def _escape_dn_value(val):
     """Escape special characters in RFC4514 Distinguished Name value."""
 
+    if not val:
+        return ''
+
     # See https://tools.ietf.org/html/rfc4514#section-2.4
     val = val.replace('\\', '\\\\')
     val = val.replace('"', '\\"')
@@ -93,9 +96,6 @@ class NameAttribute(object):
                     "Country name must be a 2 character country code"
                 )
 
-        if len(value) == 0:
-            raise ValueError("Value cannot be an empty string")
-
         # The appropriate ASN1 string type varies by OID and is defined across
         # multiple RFCs including 2459, 3280, and 5280. In general UTF8String
         # is preferred (2459), but 3280 and 5280 specify several OIDs with
-- 
cgit v1.2.3