author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-09-26 10:23:24 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-09-25 22:23:24 -0400 |
commit | 72c92f5ed1a3fe1b5196e0247bbe4cbe5e93c1a7 (patch) | |
tree | 2d7c2ddc1174a8185ac1a0d13b4189ae1b70b3ad /src/cryptography/hazmat/backends/openssl/decode_asn1.py | |
parent | 7bb0210ef9e4cd7c822ea3864bd7b18f3877c24b (diff) | |
both parse and encode the ASN1 string type for Name attributes (#3896)
* both parse and encode the ASN1 string type for Name attributes
Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.
With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.
* make the sentinel private too
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/decode_asn1.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
index ec55a9e8..2665fb22 100644
--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -11,6 +11,7 @@ from asn1crypto.core import Integer, SequenceOf
 from cryptography import x509
 from cryptography.x509.extensions import _TLS_FEATURE_TYPE_TO_ENUM
+from cryptography.x509.name import _ASN1_TYPE_TO_ENUM
 from cryptography.x509.oid import (
 CRLEntryExtensionOID, CertificatePoliciesOID, ExtensionOID
 )
@@ -51,8 +52,9 @@ def _decode_x509_name_entry(backend, x509_name_entry):
 backend.openssl_assert(data != backend._ffi.NULL)
 value = _asn1_string_to_utf8(backend, data)
 oid = _obj2txt(backend, obj)
+ type = _ASN1_TYPE_TO_ENUM[data.type]
- return x509.NameAttribute(x509.ObjectIdentifier(oid), value)
+ return x509.NameAttribute(x509.ObjectIdentifier(oid), value, type)
 def _decode_x509_name(backend, x509_name): |
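Review bot: The new lookup `_ASN1_TYPE_TO_ENUM[data.type]` in `_decode_x509_name_entry` raises a bare `KeyError` if OpenSSL reports a string tag the table does not list. The table is defined in `cryptography/x509/name.py`, outside this diff, so its coverage cannot be confirmed from here. Because this path decodes names from certificates that may come from untrusted peers, an unexpected tag should surface as a documented parsing error, for example `try: asn1_type = _ASN1_TYPE_TO_ENUM[data.type]` followed by `except KeyError: raise ValueError("Unsupported ASN.1 string type: {}".format(data.type))`. The local name `type` also shadows the builtin, so `asn1_type` would be a safer name to pass to `x509.NameAttribute`. The function body starts outside the hunk, so earlier validation of `data` is not visible.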