Merge pull request #2104 from alex/csr-san

Added support for SANs in CSRs

2 files changed, 15 insertions, 0 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index c7ca2ad1..80e5f2b1 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -770,5 +770,6 @@ _CSR_EXTENSION_PARSER = _X509ExtensionParser(
     get_ext=lambda backend, x, i: backend._lib.sk_X509_EXTENSION_value(x, i),
     handlers={
         x509.OID_BASIC_CONSTRAINTS: _decode_basic_constraints,
+        x509.OID_SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name,
     }
 )
diff --git a/tests/test_x509.py b/tests/test_x509.py
index ac910392..1e0c9cdc 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -592,6 +592,20 @@ class TestRSACertificateRequest(object):
             ),
         ]
 
+    def test_subject_alt_name(self, backend):
+        request = _load_cert(
+            os.path.join("x509", "requests", "san_rsa_sha1.pem"),
+            x509.load_pem_x509_csr,
+            backend,
+        )
+        ext = request.extensions.get_extension_for_oid(
+            x509.OID_SUBJECT_ALTERNATIVE_NAME
+        )
+        assert list(ext.value) == [
+            x509.DNSName(u"cryptography.io"),
+            x509.DNSName(u"sub.cryptography.io"),
+        ]
+
     def test_public_bytes_pem(self, backend):
         # Load an existing CSR.
         request = _load_cert(