authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-08-06 23:13:45 +0100
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-08-08 22:02:26 -0500
commit683d4d82697319f587472cdfd3d427670eea615a (patch)
tree8d638444885c3009accd1fbacff384d234bb5935 /src
parent57df4852891c509917bffca53dffad88a4e914ab (diff)
support InhibitAnyPolicy in CertificateBuilder
Diffstat (limited to 'src')
-rw-r--r--src/_cffi_src/openssl/asn1.py1
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py13
-rw-r--r--src/cryptography/x509.py2
3 files changed, 16 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index 96084721..bbbffd8f 100644
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
@@ -133,6 +133,7 @@ ASN1_BIT_STRING *ASN1_BIT_STRING_new(void);
void ASN1_BIT_STRING_free(ASN1_BIT_STRING *);
int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *, unsigned char **);
int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *, unsigned char **);
+int i2d_ASN1_INTEGER(ASN1_INTEGER *, unsigned char **);
/* This is not a macro, but is const on some versions of OpenSSL */
int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *, int);
ASN1_TIME *M_ASN1_TIME_dup(void *);
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 6675f677..c583214d 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -102,6 +102,17 @@ def _encode_asn1_str_gc(backend, data, length):
return s
+def _encode_inhibit_any_policy(backend, inhibit_any_policy):
+ asn1int = _encode_asn1_int_gc(backend, inhibit_any_policy.skip_certs)
+ pp = backend._ffi.new('unsigned char **')
+ r = backend._lib.i2d_ASN1_INTEGER(asn1int, pp)
+ assert r > 0
+ pp = backend._ffi.gc(
+ pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
+ )
+ return pp, r
+
+
def _encode_name(backend, attributes):
"""
The X509_NAME created will not be gc'd. Use _encode_name_gc if needed.
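Review bot: `assert r > 0` in `_encode_inhibit_any_policy` is the only check on the `i2d_ASN1_INTEGER` result, and assert statements are removed when Python runs with `-O`, so a failed encode would hand `pp` (presumably still holding a NULL pointer) and a non-positive length back to the caller. An explicit check survives optimisation: `if r <= 0: raise RuntimeError("i2d_ASN1_INTEGER failed")`. The function also has no docstring; one should say that it returns the DER buffer pointer and its length, and that the buffer is released with `OPENSSL_free` when `pp` is garbage collected, so callers must keep `pp` referenced while the bytes are in use.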
@@ -1274,6 +1285,8 @@ class Backend(object):
pp, r = _encode_authority_key_identifier(self, extension.value)
elif isinstance(extension.value, x509.KeyUsage):
pp, r = _encode_key_usage(self, extension.value)
+ elif isinstance(extension.value, x509.InhibitAnyPolicy):
+ pp, r = _encode_inhibit_any_policy(self, extension.value)
elif isinstance(extension.value, x509.ExtendedKeyUsage):
pp, r = _encode_extended_key_usage(self, extension.value)
elif isinstance(extension.value, x509.SubjectAlternativeName):
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 397274e8..d43b8f04 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1818,6 +1818,8 @@ class CertificateBuilder(object):
)
elif isinstance(extension, KeyUsage):
extension = Extension(OID_KEY_USAGE, critical, extension)
+ elif isinstance(extension, InhibitAnyPolicy):
+ extension = Extension(OID_INHIBIT_ANY_POLICY, critical, extension)
elif isinstance(extension, ExtendedKeyUsage):
extension = Extension(OID_EXTENDED_KEY_USAGE, critical, extension)
elif isinstance(extension, SubjectAlternativeName):
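Review bot: The new `InhibitAnyPolicy` branch passes the caller's `critical` flag unchanged into `Extension(OID_INHIBIT_ANY_POLICY, critical, extension)`, while RFC 5280 section 4.2.1.14 requires conforming CAs to mark inhibitAnyPolicy as critical. If the builder is meant to stay permissive, a comment on the branch would record that decision, e.g. `# RFC 5280 4.2.1.14: MUST be critical; not enforced here, the caller decides`. The enclosing method starts and ends outside the hunk, so whether criticality is validated elsewhere is not visible from here.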