diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-11-11 13:40:11 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2019-11-11 00:40:11 -0500 |
commit | 2e86983a77d02a38ef0485ebe7ab05c1c98a7685 (patch) | |
tree | d871fb70f5313bbd3919fe2f594890dd183521f2 /src/cryptography/hazmat/backends/openssl/decode_asn1.py | |
parent | c7ba7be8fe67c099339fcbcd90012fc257308628 (diff) | |
download | cryptography-2e86983a77d02a38ef0485ebe7ab05c1c98a7685.tar.gz cryptography-2e86983a77d02a38ef0485ebe7ab05c1c98a7685.tar.bz2 cryptography-2e86983a77d02a38ef0485ebe7ab05c1c98a7685.zip |
Parse single_extensions in OCSP responses (#5059)
* add single_extensions to OCSPResponse (#4753)
* new vector, updateed docs, more stringent parser, changelog, etc
* simplify PR (no SCT for now)
* add a comment
* finish pulling out the sct stuff so tests might actually run
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/decode_asn1.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index 47c6c654..87a3cc73 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -857,6 +857,10 @@ _OCSP_BASICRESP_EXTENSION_HANDLERS = { OCSPExtensionOID.NONCE: _decode_nonce, } +# All revoked extensions are valid single response extensions, see: +# https://tools.ietf.org/html/rfc6960#section-4.4.5 +_OCSP_SINGLERESP_EXTENSION_HANDLERS = _REVOKED_EXTENSION_HANDLERS.copy() + _CERTIFICATE_EXTENSION_PARSER_NO_SCT = _X509ExtensionParser( ext_count=lambda backend, x: backend._lib.X509_get_ext_count(x), get_ext=lambda backend, x, i: backend._lib.X509_get_ext(x, i), @@ -898,3 +902,9 @@ _OCSP_BASICRESP_EXT_PARSER = _X509ExtensionParser( get_ext=lambda backend, x, i: backend._lib.OCSP_BASICRESP_get_ext(x, i), handlers=_OCSP_BASICRESP_EXTENSION_HANDLERS, ) + +_OCSP_SINGLERESP_EXT_PARSER = _X509ExtensionParser( + ext_count=lambda backend, x: backend._lib.OCSP_SINGLERESP_get_ext_count(x), + get_ext=lambda backend, x, i: backend._lib.OCSP_SINGLERESP_get_ext(x, i), + handlers=_OCSP_SINGLERESP_EXTENSION_HANDLERS, +) |