From aafb4124876f27dfaa3cead3ac643a5956cabd3b Mon Sep 17 00:00:00 2001
From: Michael Gebetsroither <michael@mgeb.org>
Date: Wed, 3 Oct 2012 15:46:27 +0200
Subject: [PATCH] let openssl figure out certificate format

background: common converted pkcs#12 certificates from openssl do not start
with string '-----' because they include a 'Bag Attributes' header
---
 rfc3161/api.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/rfc3161/api.py b/rfc3161/api.py
index c9ee9bd..ebc3361 100644
--- a/rfc3161/api.py
+++ b/rfc3161/api.py
@@ -26,10 +26,11 @@ def check_timestamp(tst, certificate, data=None, sha1=None):
         if substrate:
             return False, "extra data after tst"
     signed_data = tst.content
-    if certificate.startswith('-----'):
-        certificate = X509.load_cert_string(certificate, X509.FORMAT_PEM)
-    elif certificate:
-        certificate = X509.load_cert_string(certificate, X509.FORMAT_DER)
+    if certificate != "":
+        try:
+            certificate = X509.load_cert_string(certificate, X509.FORMAT_PEM)
+        except:
+            certificate = X509.load_cert_string(certificate, X509.FORMAT_DER)
     else:
         return False, "missing certificate"
     # check message imprint with respect to locally computed digest