From 4629349275c4a1b1a7ec0c7d3b6dfc03ddf2f9e7 Mon Sep 17 00:00:00 2001
From: S-P Chan <shihping.chan@gmail.com>
Date: Wed, 20 Mar 2024 23:14:30 +0800
Subject: [PATCH] RFC 7468 allows a larger character set in PEM label

---
 asn1crypto/pem.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/asn1crypto/pem.py b/asn1crypto/pem.py
index 511ea4b5..aba35c87 100644
--- a/asn1crypto/pem.py
+++ b/asn1crypto/pem.py
@@ -109,6 +109,11 @@ def armor(type_name, der_bytes, headers=None):
     return output.getvalue()
 
 
+# RFC 7468#page-5
+LABEL_CHARS = '[!-,.-~]'  # 0x21-0x2C, 0x2E-0x7E
+LABEL_PAT = re.compile(f'^(?:---- |-----)BEGIN ({LABEL_CHARS}(([- ]?{LABEL_CHARS})*))?(?: ----|-----)'.encode('ascii'))
+
+
 def _unarmor(pem_bytes):
     """
     Convert a PEM-encoded byte string into one or more DER-encoded byte strings
@@ -150,8 +155,9 @@ def _unarmor(pem_bytes):
 
         if state == "trash":
             # Look for a starting line since some CA cert bundle show the cert
-            # into in a parsed format above each PEM block
-            type_name_match = re.match(b'^(?:---- |-----)BEGIN ([A-Z0-9 ]+)(?: ----|-----)', line)
+            # info in a parsed format above each PEM block
+
+            type_name_match = LABEL_PAT.match(line)
             if not type_name_match:
                 continue
             object_type = type_name_match.group(1).decode('ascii')