Merge pull request #1879 from reaperhulk/san-dirname

add support for directory name general names

2 files changed, 29 insertions, 0 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 23aa95c4..5558f140 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -103,6 +103,10 @@ def _build_general_name(backend, gn):
                 )[:]
             )
         )
+    elif gn.type == backend._lib.GEN_DIRNAME:
+        return x509.DirectoryName(
+            _build_x509_name(backend, gn.d.directoryName)
+        )
     else:
         # otherName, x400Address or ediPartyName
         raise x509.UnsupportedGeneralNameType(
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 5c35c970..d38fe573 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -831,3 +831,28 @@ class TestRSASubjectAlternativeNameExtension(object):
             ipaddress.ip_address(u"127.0.0.1"),
             ipaddress.ip_address(u"ff::")
         ] == ip
+
+    def test_dirname(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "san_dirname.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            x509.OID_SUBJECT_ALTERNATIVE_NAME
+        )
+        assert ext is not None
+        assert ext.critical is False
+
+        san = ext.value
+
+        dirname = san.get_values_for_type(x509.DirectoryName)
+        assert [
+            x509.Name([
+                x509.NameAttribute(x509.OID_COMMON_NAME, 'test'),
+                x509.NameAttribute(x509.OID_ORGANIZATION_NAME, 'Org'),
+                x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, 'Texas'),
+            ])
+        ] == dirname