authorIan Cordasco <graffatcolmingov@gmail.com>2015-07-24 16:38:50 -0500
committerIan Cordasco <graffatcolmingov@gmail.com>2015-07-24 16:38:52 -0500
commit56561b12894bca3309bea4596278e844b0d567d0 (patch)
tree3f57102a9db0d611b13621653ce648b34ea42360 /src
parent893246fd6b6dcefa270777e7cb8261a3131a2745 (diff)
Check result of setting the serial number
- Add checks for private key types - Add tests around new checks for types of private keys
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py16
1 files changed, 14 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 69a8d87e..3beb716d 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -990,12 +990,23 @@ class Backend(object):
return _CertificateSigningRequest(self, x509_req)
def sign_x509_certificate(self, builder, private_key, algorithm):
- # TODO: check type of private key parameter.
if not isinstance(builder, x509.CertificateBuilder):
raise TypeError('Builder type mismatch.')
if not isinstance(algorithm, hashes.HashAlgorithm):
raise TypeError('Algorithm must be a registered hash algorithm.')
+ if self._lib.OPENSSL_VERSION_NUMBER <= 0x10001000:
+ if isinstance(private_key, _DSAPrivateKey):
+ raise NotImplementedError(
+ "Certificate signatures aren't implemented for DSA"
+ " keys on OpenSSL versions less than 1.0.1."
+ )
+ if isinstance(private_key, _EllipticCurvePrivateKey):
+ raise NotImplementedError(
+ "Certificate signatures aren't implemented for EC"
+ " keys on OpenSSL versions less than 1.0.1."
+ )
+
# Resolve the signature algorithm.
evp_md = self._lib.EVP_get_digestbyname(
algorithm.name.encode('ascii')
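Review bot: The removed TODO asked for a type check on `private_key`, but the added block only rejects DSA and EC keys on old OpenSSL, so an argument that is not a private key at all still passes these guards. Unlike `builder` and `algorithm`, it gets no `TypeError`; presumably it fails later in the function (which continues outside this hunk) with a less helpful error. An explicit guard after the version check would close this, for example `if not isinstance(private_key, (_RSAPrivateKey, _DSAPrivateKey, _EllipticCurvePrivateKey)): raise TypeError('Key must be an RSA, DSA, or EC private key.')`, assuming `_RSAPrivateKey` is in scope in this module. The literal `0x10001000` would also benefit from a short comment naming the OpenSSL version it encodes, since the comparison is `<=` while the messages say "less than 1.0.1".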
@@ -1024,7 +1035,8 @@ class Backend(object):
# Set the certificate serial number.
serial_number = _encode_asn1_int(self, builder._serial_number)
- self._lib.X509_set_serialNumber(x509_cert, serial_number)
+ res = self._lib.X509_set_serialNumber(x509_cert, serial_number)
+ assert res == 1
# Set the "not before" time.
res = self._lib.ASN1_TIME_set(
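Review bot: `assert res == 1` on the result of `X509_set_serialNumber` is removed when Python runs with `-O`, so in optimized mode the return value goes unchecked again. A failed call would then let the function carry on building a certificate whose serial number was never set. Since this guards the output of a signing path, an unconditional check is safer, for example `if res != 1: raise RuntimeError('X509_set_serialNumber failed')`, or whatever internal-error exception the backend already uses. The rest of `sign_x509_certificate` lies outside this hunk, so other `assert res == 1` checks there may need the same treatment.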