Don't raise an UnsupportedExtension for critical extensions. (#3550)

* Don't raise an UnsupportedExtension for critical extensions. Fixes #2903 Fixes #2901 Fixes #3325 * Don't link * Revert "Don't link" This reverts commit 4fe847f91d9dd45cdc28a4984c4e44aad62a5de6. * fix * Revert "Revert "Don't link"" This reverts commit 856031b5a1fbad04ac218fa94ebf37dcd402f3ed. * fix * Deprecate this * Better changelog entry
author: Alex Gaynor <alex.gaynor@gmail.com> 2017-05-20 09:01:54 -0700
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-05-20 09:01:54 -0700
commit: d08ddd5af21de62088c0236bfac1d647a6cb84a2 (patch)
tree: 39e09ecca23f734900cc55734c4fd9237e35ad6b /src/cryptography/hazmat/backends/openssl/decode_asn1.py
parent: 0d92ff8a1680911019dab64deeb4f7ea67224492 (diff)
download: cryptography-d08ddd5af21de62088c0236bfac1d647a6cb84a2.tar.gz
cryptography-d08ddd5af21de62088c0236bfac1d647a6cb84a2.tar.bz2
cryptography-d08ddd5af21de62088c0236bfac1d647a6cb84a2.zip
1 files changed, 8 insertions, 14 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
index b6910d9c..19df4c8c 100644
--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -215,20 +215,14 @@ class _X509ExtensionParser(object):
             try:
                 handler = self.handlers[oid]
             except KeyError:
-                if critical:
-                    raise x509.UnsupportedExtension(
-                        "Critical extension {0} is not currently supported"
-                        .format(oid), oid
-                    )
-                else:
-                    # Dump the DER payload into an UnrecognizedExtension object
-                    data = backend._lib.X509_EXTENSION_get_data(ext)
-                    backend.openssl_assert(data != backend._ffi.NULL)
-                    der = backend._ffi.buffer(data.data, data.length)[:]
-                    unrecognized = x509.UnrecognizedExtension(oid, der)
-                    extensions.append(
-                        x509.Extension(oid, critical, unrecognized)
-                    )
+                # Dump the DER payload into an UnrecognizedExtension object
+                data = backend._lib.X509_EXTENSION_get_data(ext)
+                backend.openssl_assert(data != backend._ffi.NULL)
+                der = backend._ffi.buffer(data.data, data.length)[:]
+                unrecognized = x509.UnrecognizedExtension(oid, der)
+                extensions.append(
+                    x509.Extension(oid, critical, unrecognized)
+                )
             else:
                 ext_data = backend._lib.X509V3_EXT_d2i(ext)
                 if ext_data == backend._ffi.NULL:
author	Alex Gaynor <alex.gaynor@gmail.com>	2017-05-20 09:01:54 -0700
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-05-20 09:01:54 -0700
commit	d08ddd5af21de62088c0236bfac1d647a6cb84a2 (patch)
tree	39e09ecca23f734900cc55734c4fd9237e35ad6b /src/cryptography/hazmat/backends/openssl/decode_asn1.py
parent	0d92ff8a1680911019dab64deeb4f7ea67224492 (diff)
download	cryptography-d08ddd5af21de62088c0236bfac1d647a6cb84a2.tar.gz cryptography-d08ddd5af21de62088c0236bfac1d647a6cb84a2.tar.bz2 cryptography-d08ddd5af21de62088c0236bfac1d647a6cb84a2.zip