diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-05-20 09:01:54 -0700 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-05-20 09:01:54 -0700 |
commit | d08ddd5af21de62088c0236bfac1d647a6cb84a2 (patch) | |
tree | 39e09ecca23f734900cc55734c4fd9237e35ad6b /src/cryptography/hazmat/backends/openssl/decode_asn1.py | |
parent | 0d92ff8a1680911019dab64deeb4f7ea67224492 (diff) | |
download | cryptography-d08ddd5af21de62088c0236bfac1d647a6cb84a2.tar.gz cryptography-d08ddd5af21de62088c0236bfac1d647a6cb84a2.tar.bz2 cryptography-d08ddd5af21de62088c0236bfac1d647a6cb84a2.zip |
Don't raise an UnsupportedExtension for critical extensions. (#3550)
* Don't raise an UnsupportedExtension for critical extensions.
Fixes #2903
Fixes #2901
Fixes #3325
* Don't link
* Revert "Don't link"
This reverts commit 4fe847f91d9dd45cdc28a4984c4e44aad62a5de6.
* fix
* Revert "Revert "Don't link""
This reverts commit 856031b5a1fbad04ac218fa94ebf37dcd402f3ed.
* fix
* Deprecate this
* Better changelog entry
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/decode_asn1.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index b6910d9c..19df4c8c 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -215,20 +215,14 @@ class _X509ExtensionParser(object): try: handler = self.handlers[oid] except KeyError: - if critical: - raise x509.UnsupportedExtension( - "Critical extension {0} is not currently supported" - .format(oid), oid - ) - else: - # Dump the DER payload into an UnrecognizedExtension object - data = backend._lib.X509_EXTENSION_get_data(ext) - backend.openssl_assert(data != backend._ffi.NULL) - der = backend._ffi.buffer(data.data, data.length)[:] - unrecognized = x509.UnrecognizedExtension(oid, der) - extensions.append( - x509.Extension(oid, critical, unrecognized) - ) + # Dump the DER payload into an UnrecognizedExtension object + data = backend._lib.X509_EXTENSION_get_data(ext) + backend.openssl_assert(data != backend._ffi.NULL) + der = backend._ffi.buffer(data.data, data.length)[:] + unrecognized = x509.UnrecognizedExtension(oid, der) + extensions.append( + x509.Extension(oid, critical, unrecognized) + ) else: ext_data = backend._lib.X509V3_EXT_d2i(ext) if ext_data == backend._ffi.NULL: |