authorThomas Erbesdobler <t.erbesdobler@gmx.de>2020-03-03 03:26:07 +0100
committerGitHub <noreply@github.com>2020-03-02 21:26:07 -0500
commited71c5cc07e4a0bb7a58f4e0731e5af3d4d4aa53 (patch)
tree4dd0830c94c9ecbe908a8a078b6851f5c60bca6d
parentd12fd8d1c2851cec4af76d77b9ef7beaa83e837c (diff)
Reversed the order of RDNs in x509.Name.rfc4514_string() (#5120)
RFC4514 requires in section 2.1 that RDNs are converted to string representation in reversed order.
-rw-r--r--CHANGELOG.rst3
-rw-r--r--src/cryptography/x509/name.py12
-rw-r--r--tests/x509/test_x509.py6
3 files changed, 14 insertions, 7 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 31430d75..d7e1770b 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -20,6 +20,9 @@ Changelog
* Added support for parsing
:attr:`~cryptography.x509.ocsp.OCSPResponse.single_extensions` in an OCSP
response.
+* **BACKWARDS INCOMPATIBLE:** Reversed the order in which
+ :meth:`~cryptography.x509.Name.rfc4514_string` returns the RDNs as required by
+ RFC4514.
.. _v2-8:
diff --git a/src/cryptography/x509/name.py b/src/cryptography/x509/name.py
index 0d58acdd..922cab5a 100644
--- a/src/cryptography/x509/name.py
+++ b/src/cryptography/x509/name.py
@@ -216,9 +216,11 @@ class Name(object):
An X.509 name is a two-level structure: a list of sets of attributes.
Each list element is separated by ',' and within each list element, set
elements are separated by '+'. The latter is almost never used in
- real world certificates.
+ real world certificates. According to RFC4514 section 2.1 the
+ RDNSequence must be reversed when converting to string representation.
"""
- return ','.join(attr.rfc4514_string() for attr in self._attributes)
+ return ','.join(
+ attr.rfc4514_string() for attr in reversed(self._attributes))
def get_attributes_for_oid(self, oid):
return [i for i in self if i.oid == oid]
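Review bot: The docstring addition at the end of rfc4514_string() says the RDNSequence "must be reversed" but does not tell callers which order they now receive, or that it no longer matches the order seen when iterating over the Name. Code that compares this string with stored subject or issuer DNs (allowlists, pinned identities, audit records) will see different values after this change, so the docstring should say so, for example: `The returned string lists RDNs last-to-first, the reverse of iterating over this Name; it will not match strings produced by earlier releases.` Comparing Name objects rather than their string form would remove the dependency on ordering altogether. The function's def line and the start of its docstring are outside the hunk.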
@@ -253,7 +255,9 @@ class Name(object):
return sum(len(rdn) for rdn in self._attributes)
def __repr__(self):
+ rdns = ','.join(attr.rfc4514_string() for attr in self._attributes)
+
if six.PY2:
- return "<Name({})>".format(self.rfc4514_string().encode('utf8'))
+ return "<Name({})>".format(rdns.encode('utf8'))
else:
- return "<Name({})>".format(self.rfc4514_string())
+ return "<Name({})>".format(rdns)
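Review bot: __repr__ now builds its own string in the encoded order, so repr(name) and name.rfc4514_string() list the same RDNs in opposite directions, and nothing in the hunk says this is intended. Anyone correlating logged reprs with DN strings from rfc4514_string() has to know that; a comment above the join would record it, e.g. `# repr keeps the encoded RDN order; only rfc4514_string() reverses it (RFC 4514 section 2.1)`. The join expression is also a second copy of the one rfc4514_string() used before this commit, so a small private helper that takes the iteration order would keep the two from drifting apart. The test hunk visible on this page only exercises rfc4514_string(), so the repr order appears to be unpinned unless it is tested elsewhere.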
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py
index fa3a41a7..fb0c96ab 100644
--- a/tests/x509/test_x509.py
+++ b/tests/x509/test_x509.py
@@ -4556,14 +4556,14 @@ class TestName(object):
def test_rfc4514_string(self):
n = x509.Name([
x509.RelativeDistinguishedName([
- x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'Sales'),
- x509.NameAttribute(NameOID.COMMON_NAME, u'J. Smith'),
+ x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'net'),
]),
x509.RelativeDistinguishedName([
x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'example'),
]),
x509.RelativeDistinguishedName([
- x509.NameAttribute(NameOID.DOMAIN_COMPONENT, u'net'),
+ x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, u'Sales'),
+ x509.NameAttribute(NameOID.COMMON_NAME, u'J. Smith'),
]),
])
assert (n.rfc4514_string() ==