From 322f8cd091e25d6c17df37c044514c468a9172ce Mon Sep 17 00:00:00 2001
From: S-P Chan <shihping.chan@gmail.com>
Date: Wed, 20 Mar 2024 23:14:30 +0800
Subject: [PATCH] RFC 7468 allows a larger character set in PEM label

---
 asn1crypto/pem.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/asn1crypto/pem.py b/asn1crypto/pem.py
index 511ea4b5..bf7e560e 100644
--- a/asn1crypto/pem.py
+++ b/asn1crypto/pem.py
@@ -14,6 +14,7 @@
 import base64
 import re
 import sys
+import string
 
 from ._errors import unwrap
 from ._types import type_name as _type_name, str_cls, byte_cls
@@ -144,14 +145,19 @@ def _unarmor(pem_bytes):
     found_start = False
     found_end = False
 
+    # RFC 7468#page-5
+    label_chars = '[!-,.-~]'  # 0x21-0x2C, 0x2E-0x7E
+    label_re = rf'''^(?:---- |-----)BEGIN ({label_chars}(([- ]?{label_chars})*))?(?: ----|-----)'''.encode('ascii')
+
     for line in pem_bytes.splitlines(False):
         if line == b'':
             continue
 
         if state == "trash":
             # Look for a starting line since some CA cert bundle show the cert
-            # into in a parsed format above each PEM block
-            type_name_match = re.match(b'^(?:---- |-----)BEGIN ([A-Z0-9 ]+)(?: ----|-----)', line)
+            # info in a parsed format above each PEM block
+
+            type_name_match = re.match(label_re, line)
             if not type_name_match:
                 continue
             object_type = type_name_match.group(1).decode('ascii')