From 509dce23c3ad62910b109ee38e742e27723e8459 Mon Sep 17 00:00:00 2001
From: S-P Chan <shihping.chan@gmail.com>
Date: Wed, 20 Mar 2024 23:14:30 +0800
Subject: [PATCH] RFC 7468 allows a larger character set in PEM label

---
 asn1crypto/pem.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/asn1crypto/pem.py b/asn1crypto/pem.py
index 511ea4b5..29ae9011 100644
--- a/asn1crypto/pem.py
+++ b/asn1crypto/pem.py
@@ -144,14 +144,19 @@ def _unarmor(pem_bytes):
     found_start = False
     found_end = False
 
+    # RFC 7468#page-5
+    label_chars = '[!-,.-~]'  # 0x21-0x2C, 0x2E-0x7E
+    label_re = f'^(?:---- |-----)BEGIN ({label_chars}(([- ]?{label_chars})*))?(?: ----|-----)'.encode('ascii')
+
     for line in pem_bytes.splitlines(False):
         if line == b'':
             continue
 
         if state == "trash":
             # Look for a starting line since some CA cert bundle show the cert
-            # into in a parsed format above each PEM block
-            type_name_match = re.match(b'^(?:---- |-----)BEGIN ([A-Z0-9 ]+)(?: ----|-----)', line)
+            # info in a parsed format above each PEM block
+
+            type_name_match = re.match(label_re, line)
             if not type_name_match:
                 continue
             object_type = type_name_match.group(1).decode('ascii')