authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-10 20:34:18 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-11 22:20:45 -0500
commit22f5fbb4def79519becd5b247e32a87c9bd8adeb (patch)
tree9b1879a344771be0a4ea04b231e71dc8b2f757a4 /src
parent91a27a484a88063679e8b21a99b2714dddfd6c12 (diff)
support for OtherName encoding for general names
Diffstat (limited to 'src')
-rw-r--r--src/_cffi_src/openssl/asn1.py1
-rw-r--r--src/_cffi_src/openssl/x509v3.py3
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py21
3 files changed, 25 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index 01d6f4c2..f0441ac2 100644
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
@@ -157,6 +157,7 @@ int ASN1_UTCTIME_check(ASN1_UTCTIME *);
int ASN1_STRING_set_default_mask_asc(char *);
int i2d_ASN1_TYPE(ASN1_TYPE *, unsigned char **);
+ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **, unsigned char **, long);
"""
CUSTOMIZATIONS = """
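Review bot: The added prototype declares the input buffer as `unsigned char **`, while OpenSSL's header declares `d2i_ASN1_TYPE` with `const unsigned char **` as far as I know. Declaring it as `ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **, const unsigned char **, long);` would match the header and avoid an incompatible-pointer warning when cffi compiles the wrapper. The neighbouring `i2d_ASN1_TYPE` line takes an output buffer and is correct without const. The string holding these declarations starts outside the hunk.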
diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py
index 0f5306d0..8e42b65d 100644
--- a/src/_cffi_src/openssl/x509v3.py
+++ b/src/_cffi_src/openssl/x509v3.py
@@ -193,6 +193,9 @@ void AUTHORITY_KEYID_free(AUTHORITY_KEYID *);
NAME_CONSTRAINTS *NAME_CONSTRAINTS_new(void);
void NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *);
+OTHERNAME *OTHERNAME_new(void);
+void OTHERNAME_free(OTHERNAME *);
+
void *X509V3_set_ctx_nodb(X509V3_CTX *);
int i2d_GENERAL_NAMES(GENERAL_NAMES *, unsigned char **);
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 7255b470..0017b1bd 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -199,6 +199,27 @@ def _encode_subject_alt_name(backend, san):
)
gn.type = backend._lib.GEN_IPADD
gn.d.iPAddress = ipaddr
+ elif isinstance(alt_name, x509.OtherName):
+ gn = backend._lib.GENERAL_NAME_new()
+ assert gn != backend._ffi.NULL
+ other_name = backend._lib.OTHERNAME_new()
+ assert other_name != backend._ffi.NULL
+
+ type_id = backend._lib.OBJ_txt2obj(
+ alt_name.type_id.dotted_string.encode('ascii'), 1
+ )
+ assert type_id != backend._ffi.NULL
+ data = backend._ffi.new("unsigned char[]", alt_name.value)
+ data_ptr_ptr = backend._ffi.new("unsigned char **")
+ data_ptr_ptr[0] = data
+ value = backend._lib.d2i_ASN1_TYPE(
+ backend._ffi.NULL, data_ptr_ptr, len(alt_name.value)
+ )
+ assert value != backend._ffi.NULL
+ other_name.type_id = type_id
+ other_name.value = value
+ gn.type = backend._lib.GEN_OTHERNAME
+ gn.d.otherName = other_name
else:
raise NotImplementedError(
"Only DNSName and RegisteredID supported right now"
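Review bot: The `assert value != backend._ffi.NULL` after `d2i_ASN1_TYPE` is the only validation of `alt_name.value`, which is caller-supplied bytes, so malformed DER surfaces as an AssertionError, and under `python -O` the assert is stripped and a NULL `value` is stored into `other_name.value`. Replace it with an explicit check such as `if value == backend._ffi.NULL: raise ValueError("OtherName value is not valid DER")`, and clear the OpenSSL error queue before raising. The parse also appears to succeed when the DER element is shorter than `len(alt_name.value)`, so trailing bytes would be dropped silently; comparing the advanced `data_ptr_ptr[0]` against the end of `data` would catch that. `gn` and `other_name` are allocated before this check, and whether they are freed on the error path is not visible here because `_encode_subject_alt_name` starts and ends outside the hunk.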