diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-06-17 18:31:26 -0600 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-06-17 18:31:26 -0600 |
commit | f54a50bc6cdb215c2cc7d6fb4ca524e109f0411c (patch) | |
tree | 5c489ea695164dfc76c577bec246103dd3a90642 | |
parent | b0e8ffac859b20512428321b685346685af2c0c7 (diff) | |
download | cryptography-f54a50bc6cdb215c2cc7d6fb4ca524e109f0411c.tar.gz cryptography-f54a50bc6cdb215c2cc7d6fb4ca524e109f0411c.tar.bz2 cryptography-f54a50bc6cdb215c2cc7d6fb4ca524e109f0411c.zip |
support OCSPNoCheck in the OpenSSL backend
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 2 | ||||
-rw-r--r-- | tests/test_x509_ext.py | 17 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index f46dd1b7..a836e6a7 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -288,6 +288,8 @@ class _Certificate(object): value = _decode_certificate_policies(self._backend, ext) elif oid == x509.OID_CRL_DISTRIBUTION_POINTS: value = _decode_crl_distribution_points(self._backend, ext) + elif oid == x509.OID_OCSP_NO_CHECK: + value = x509.OCSPNoCheck() elif critical: raise x509.UnsupportedExtension( "{0} is not currently supported".format(oid), oid diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index d836164b..c906f1e5 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -2395,6 +2395,23 @@ class TestCRLDistributionPointsExtension(object): ]) +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestOCSPNoCheckExtension(object): + def test_nocheck(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "ocsp_nocheck.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + ext = cert.extensions.get_extension_for_oid( + x509.OID_OCSP_NO_CHECK + ) + assert isinstance(ext.value, x509.OCSPNoCheck) + + class TestInhibitAnyPolicy(object): def test_not_int(self): with pytest.raises(TypeError): |