authorAlex Gaynor <alex.gaynor@gmail.com>2015-07-05 11:19:38 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2015-07-05 11:19:38 -0400
commitd5f718c19c09f529ff34b319a1e2e0e7f1862a9a (patch)
treee96284a62f24d00ef19c02e219f196fdc607b203
parent230989fe958bedbe4be3aef3761d452f28bb45ea (diff)
Organize code a bit better
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py25
-rw-r--r--tests/test_x509.py18
2 files changed, 33 insertions, 10 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index f05b0515..753cb50d 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -139,20 +139,25 @@ def _encode_basic_constraints(backend, basic_constraints):
def _encode_subject_alt_name(backend, san):
general_names = backend._lib.GENERAL_NAMES_new()
assert general_names != backend._ffi.NULL
- # TODO: GC
+ general_names = backend._ffi.gc(
+ general_names, backend._lib.GENERAL_NAMES_free
+ )
for alt_name in san:
- assert isinstance(alt_name, x509.DNSName)
gn = backend._lib.GENERAL_NAME_new()
assert gn != backend._ffi.NULL
- gn.type = backend._lib.GEN_DNS
- ia5 = backend._lib.ASN1_IA5STRING_new()
- assert ia5 != backend._ffi.NULL
- gn.d.dNSName = ia5
- # TODO: idna
- value = alt_name.value.encode("ascii")
- res = backend._lib.ASN1_STRING_set(gn.d.dNSName, value, len(value))
- assert res == 1
+ # TODO: GC?
+ if isinstance(alt_name, x509.DNSName):
+ gn.type = backend._lib.GEN_DNS
+ ia5 = backend._lib.ASN1_IA5STRING_new()
+ assert ia5 != backend._ffi.NULL
+ # TODO: idna
+ value = alt_name.value.encode("ascii")
+ res = backend._lib.ASN1_STRING_set(ia5, value, len(value))
+ assert res == 1
+ gn.d.dNSName = ia5
+ else:
+ raise NotImplementedError("Only DNSNames are supported right now")
res = backend._lib.sk_GENERAL_NAME_push(general_names, gn)
assert res == 1
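Review bot: On the new `else` branch the `GENERAL_NAME` allocated by `GENERAL_NAME_new()` at the top of the loop body is leaked when `NotImplementedError` is raised, because it has not yet been pushed onto `general_names` and is not wrapped in `ffi.gc` (the `# TODO: GC?` comment points at the same gap). The same object is left unowned if `alt_name.value.encode("ascii")` raises for a non-ASCII name. Rejecting unsupported types before allocating removes the first case: make `if not isinstance(alt_name, x509.DNSName): raise NotImplementedError("Only DNSNames are supported right now")` the first statement of the loop body. The function continues past the end of the hunk, so how `general_names` is consumed afterwards is not visible here.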
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 3975d5b6..6cc0fc48 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -935,6 +935,24 @@ class TestCertificateSigningRequestBuilder(object):
x509.DNSName(u"google.com"),
]
+ def test_subject_alt_name_unsupported_general_name(self, backend):
+ private_key = RSA_KEY_2048.private_key(backend)
+
+ builder = x509.CertificateSigningRequestBuilder().subject_name(
+ x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"),
+ ])
+ ).add_extension(
+ x509.SubjectAlternativeName([
+ x509.RFC822Name(u"test@example.com"),
+ ]),
+ critical=False,
+ )
+
+ with pytest.raises(NotImplementedError):
+ builder.sign(private_key, hashes.SHA256(), backend)
+
+
@pytest.mark.requires_backend_interface(interface=DSABackend)
@pytest.mark.requires_backend_interface(interface=X509Backend)
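Review bot: Only a SAN holding a single `RFC822Name` is covered in `test_subject_alt_name_unsupported_general_name`, so the error is raised while the `general_names` stack is still empty. A second case that puts a supported name first, e.g. `x509.SubjectAlternativeName([x509.DNSName(u"example.com"), x509.RFC822Name(u"test@example.com")])`, would exercise the raise after an entry has already been pushed, which is the path where cleanup of the partially built stack matters. A one-line docstring stating that non-DNS general names are expected to be rejected at `sign()` time would also help readers of the test.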