diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-06-17 21:05:31 -0400 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-06-17 21:05:31 -0400 |
| commit | b28185dfa22184f9e9baaaffb9e7f4256cc2f6ad (patch) | |
| tree | 5c489ea695164dfc76c577bec246103dd3a90642 | |
| parent | b0e8ffac859b20512428321b685346685af2c0c7 (diff) | |
| parent | f54a50bc6cdb215c2cc7d6fb4ca524e109f0411c (diff) | |
| download | cryptography-b28185dfa22184f9e9baaaffb9e7f4256cc2f6ad.tar.gz cryptography-b28185dfa22184f9e9baaaffb9e7f4256cc2f6ad.tar.bz2 cryptography-b28185dfa22184f9e9baaaffb9e7f4256cc2f6ad.zip | |
Merge pull request #2037 from reaperhulk/x509-ossl-nocheck
support OCSPNoCheck in the OpenSSL backend
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 2 | ||||
| -rw-r--r-- | tests/test_x509_ext.py | 17 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index f46dd1b7..a836e6a7 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -288,6 +288,8 @@ class _Certificate(object): value = _decode_certificate_policies(self._backend, ext) elif oid == x509.OID_CRL_DISTRIBUTION_POINTS: value = _decode_crl_distribution_points(self._backend, ext) + elif oid == x509.OID_OCSP_NO_CHECK: + value = x509.OCSPNoCheck() elif critical: raise x509.UnsupportedExtension( "{0} is not currently supported".format(oid), oid diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index d836164b..c906f1e5 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -2395,6 +2395,23 @@ class TestCRLDistributionPointsExtension(object): ]) +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestOCSPNoCheckExtension(object): + def test_nocheck(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "ocsp_nocheck.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + ext = cert.extensions.get_extension_for_oid( + x509.OID_OCSP_NO_CHECK + ) + assert isinstance(ext.value, x509.OCSPNoCheck) + + class TestInhibitAnyPolicy(object): def test_not_int(self): with pytest.raises(TypeError): |