author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-07-11 21:21:56 -0500 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-07-11 21:21:56 -0500 |
commit | c8e9861396914451086f8410df7e7575a9b23bd7 (patch) | |
tree | b9584293a7f40194cb7f23567b5d8e03eca35ffd | |
parent | 3fe1543c9e4c04604967a9524aa5b2e641bc9ede (diff) | |
parent | 065b7b81984b8dbb24910d438b9ea0128db0b0bf (diff) | |
Merge pull request #2134 from reaperhulk/encode-dirname
support DirectoryName encoding for general names
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 18 | ||||
-rw-r--r-- | tests/test_x509.py | 12 |
2 files changed, 28 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index d6493778..af675116 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -89,8 +89,10 @@ def _encode_asn1_str(backend, data, length):
def _encode_name(backend, attributes):
+ """
+ The X509_NAME created will not be gc'd. Use _encode_name_gc if needed.
+ """
subject = backend._lib.X509_NAME_new()
- subject = backend._ffi.gc(subject, backend._lib.X509_NAME_free)
for attribute in attributes:
value = attribute.value.encode('utf8')
obj = _txt2obj(backend, attribute.oid.dotted_string)
@@ -105,6 +107,12 @@ def _encode_name(backend, attributes):
return subject
+def _encode_name_gc(backend, attributes):
+ subject = _encode_name(backend, attributes)
+ subject = backend._ffi.gc(subject, backend._lib.X509_NAME_free)
+ return subject
+
+
def _txt2obj(backend, name):
"""
Converts a Python string with an ASN.1 object ID in dotted form to a
@@ -171,6 +179,12 @@ def _encode_subject_alt_name(backend, san):
)
assert obj != backend._ffi.NULL
gn.d.registeredID = obj
+ elif isinstance(alt_name, x509.DirectoryName):
+ gn = backend._lib.GENERAL_NAME_new()
+ assert gn != backend._ffi.NULL
+ name = _encode_name(backend, alt_name.value)
+ gn.type = backend._lib.GEN_DIRNAME
+ gn.d.directoryName = name
else:
raise NotImplementedError(
"Only DNSName and RegisteredID supported right now"
@@ -874,7 +888,7 @@ class Backend(object):
# Set subject name.
res = self._lib.X509_REQ_set_subject_name(
- x509_req, _encode_name(self, builder._subject_name)
+ x509_req, _encode_name_gc(self, builder._subject_name)
)
assert res == 1
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 9c97e969..6ad891b1 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
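Review bot: With the `ffi.gc` registration removed, the `X509_NAME` allocated at the top of `_encode_name` has no owner until the function returns, so anything that raises inside the `for attribute in attributes:` loop (a failed assert, or an error from `_txt2obj`) leaks it. The visible lines also never compare the allocation with `backend._ffi.NULL` before it is used. Freeing the name on the failure path keeps the no-gc contract described in the new docstring while closing that gap. The loop body and the `return subject` lie outside this hunk, so the sketch below elides them.

```python
    subject = backend._lib.X509_NAME_new()
    assert subject != backend._ffi.NULL
    try:
        for attribute in attributes:
            # … unchanged: per-attribute encoding (continues outside the hunk) …
    except Exception:
        # No gc destructor is attached any more, so release the name by hand.
        backend._lib.X509_NAME_free(subject)
        raise
```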
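Review bot: `_encode_name_gc` in the `-105,6` hunk has no docstring, although the docstring added to `_encode_name` sends readers to it, so the rule for choosing between the two helpers is only half written down. I would add `"""Like _encode_name, but the returned X509_NAME is freed by cffi's gc. Use when the callee copies the name rather than taking ownership of it."""`. The only caller visible on this page is the `X509_REQ_set_subject_name` call changed in the last hunk of this file.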
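Review bot: The `else` branch right after the new `elif` in `_encode_subject_alt_name` still raises `NotImplementedError` with "Only DNSName and RegisteredID supported right now", which is stale once `x509.DirectoryName` is handled; it should read `"Only DNSName, RegisteredID and DirectoryName supported right now"`. The new branch also depends on an ownership rule that is not stated: the name comes from the non-gc `_encode_name` because it is stored in `gn.d.directoryName`, presumably so that it is released together with the `GENERAL_NAME`. A comment such as `# gn owns name from here on; it must not be gc'd separately` above the assignment would stop a later edit from switching to `_encode_name_gc` and introducing a double free. In the visible lines, the `gn` allocated two lines earlier is also not freed if `_encode_name` raises.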
@@ -995,6 +995,12 @@ class TestCertificateSigningRequestBuilder(object):
x509.DNSName(u"example.com"),
x509.DNSName(u"*.example.com"),
x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
+ x509.DirectoryName(x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ )
+ ])),
]),
critical=False,
).sign(private_key, hashes.SHA256(), backend)
@@ -1009,6 +1015,12 @@ class TestCertificateSigningRequestBuilder(object):
x509.DNSName(u"example.com"),
x509.DNSName(u"*.example.com"),
x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
+ x509.DirectoryName(x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ ),
+ ])),
]
def test_subject_alt_name_unsupported_general_name(self, backend): |
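Review bot: The `x509.DirectoryName(...)` fixture is spelled out twice and the two copies already differ: the builder input in the `-995,6` hunk closes its second `x509.NameAttribute(` with `)`, while the expected list in the `-1009,6` hunk closes it with `),`. Building the value once in a local and using it in both places would remove the drift without weakening the round-trip check, since the asserted objects are decoded from the signed request. Both hunks exercise only the success path; nothing visible here covers a `DirectoryName` whose attributes fail to encode, the path on which the un-gc'd `X509_NAME` would be left without an owner.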