Merge pull request #1872 from reaperhulk/san-rfc822-ip-dirname

add support for ipaddress to general name parsing
author: Alex Gaynor <alex.gaynor@gmail.com> 2015-04-30 10:01:32 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-04-30 10:01:32 -0400
commit: b3995a9a0708b49e0d29091420022ba5445f72c5 (patch)
tree: f18b17e61716cc5e8b0f2a860647cb63a94216bd
parent: a3527ac922e9b75c0fe6c229ca5c2b1c38910abd (diff)
parent: a5f030cebb43d5b378c67d72bc8a0474d1ea846e (diff)
download: cryptography-b3995a9a0708b49e0d29091420022ba5445f72c5.tar.gz
cryptography-b3995a9a0708b49e0d29091420022ba5445f72c5.tar.bz2
cryptography-b3995a9a0708b49e0d29091420022ba5445f72c5.zip
2 files changed, 31 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 3a660d81..23aa95c4 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -14,6 +14,7 @@
 from __future__ import absolute_import, division, print_function
 
 import datetime
+import ipaddress
 
 import idna
 
@@ -94,6 +95,14 @@ def _build_general_name(backend, gn):
     elif gn.type == backend._lib.GEN_RID:
         oid = _obj2txt(backend, gn.d.registeredID)
         return x509.RegisteredID(x509.ObjectIdentifier(oid))
+    elif gn.type == backend._lib.GEN_IPADD:
+        return x509.IPAddress(
+            ipaddress.ip_address(
+                backend._ffi.buffer(
+                    gn.d.iPAddress.data, gn.d.iPAddress.length
+                )[:]
+            )
+        )
     else:
         # otherName, x400Address or ediPartyName
         raise x509.UnsupportedGeneralNameType(
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 881dfbfa..5c35c970 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -809,3 +809,25 @@ class TestRSASubjectAlternativeNameExtension(object):
             u"lo",
             u"http://someregulardomain.com",
         ]
+
+    def test_ipaddress(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "san_ipaddr.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            x509.OID_SUBJECT_ALTERNATIVE_NAME
+        )
+        assert ext is not None
+        assert ext.critical is False
+
+        san = ext.value
+
+        ip = san.get_values_for_type(x509.IPAddress)
+        assert [
+            ipaddress.ip_address(u"127.0.0.1"),
+            ipaddress.ip_address(u"ff::")
+        ] == ip
author	Alex Gaynor <alex.gaynor@gmail.com>	2015-04-30 10:01:32 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	2015-04-30 10:01:32 -0400
commit	b3995a9a0708b49e0d29091420022ba5445f72c5 (patch)
tree	f18b17e61716cc5e8b0f2a860647cb63a94216bd
parent	a3527ac922e9b75c0fe6c229ca5c2b1c38910abd (diff)
parent	a5f030cebb43d5b378c67d72bc8a0474d1ea846e (diff)
download	cryptography-b3995a9a0708b49e0d29091420022ba5445f72c5.tar.gz cryptography-b3995a9a0708b49e0d29091420022ba5445f72c5.tar.bz2 cryptography-b3995a9a0708b49e0d29091420022ba5445f72c5.zip