support openssl 0.9.8's nonsense hopefully

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2016-03-13 11:28:16 -0400
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2016-03-13 11:28:16 -0400
commit: a1dcdbb2fe865afe4cdbdd041a778a06767f34bd (patch)
tree: 75604de90c6e4de7273e435fa3e7054b85065fc3 /src
parent: 7c6e434d3288f8deaebae52f21d10d0f67d4e010 (diff)
download: cryptography-a1dcdbb2fe865afe4cdbdd041a778a06767f34bd.tar.gz
cryptography-a1dcdbb2fe865afe4cdbdd041a778a06767f34bd.tar.bz2
cryptography-a1dcdbb2fe865afe4cdbdd041a778a06767f34bd.zip
1 files changed, 26 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index b121df03..c6ede932 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -31,7 +31,8 @@ from cryptography.hazmat.backends.openssl.ec import (
 from cryptography.hazmat.backends.openssl.encode_asn1 import (
     _CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
     _CRL_EXTENSION_ENCODE_HANDLERS, _EXTENSION_ENCODE_HANDLERS,
-    _encode_asn1_int_gc, _encode_name_gc,
+    _encode_asn1_int_gc, _encode_asn1_str_gc, _encode_name_gc,
+    _txt2obj_gc,
 )
 from cryptography.hazmat.backends.openssl.hashes import _HashContext
 from cryptography.hazmat.backends.openssl.hmac import _HMACContext
@@ -978,10 +979,34 @@ class Backend(object):
             nid = self._lib.OBJ_txt2nid(
                 extension.oid.dotted_string.encode("ascii")
             )
+            backend.openssl_assert(nid != self._lib.NID_undef)
             x509_extension = self._lib.X509V3_EXT_i2d(
                 nid, 1 if extension.critical else 0, ext_struct
             )
+            if (
+                x509_extension == self._ffi.NULL and
+                extension.oid == x509.OID_CERTIFICATE_ISSUER
+            ):
+                # This path exists to support OpenSSL 0.9.8, which does
+                # not know how to encode a CERTIFICATE_ISSUER for CRLs. Once we
+                # drop 0.9.8 support we can remove this.
+                self._consume_errors()
+                pp = backend._ffi.new("unsigned char **")
+                r = self._lib.i2d_GENERAL_NAMES(ext_struct, pp)
+                backend.openssl_assert(r > 0)
+                pp = backend._ffi.gc(
+                    pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
+                )
+                obj = _txt2obj_gc(self, extension.oid.dotted_string)
+                x509_extension = self._lib.X509_EXTENSION_create_by_OBJ(
+                    self._ffi.NULL,
+                    obj,
+                    1 if extension.critical else 0,
+                    _encode_asn1_str_gc(self, pp[0], r)
+                )
+
             self.openssl_assert(x509_extension != self._ffi.NULL)
+
             if gc:
                 x509_extension = self._ffi.gc(
                     x509_extension, self._lib.X509_EXTENSION_free
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2016-03-13 11:28:16 -0400
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2016-03-13 11:28:16 -0400
commit	a1dcdbb2fe865afe4cdbdd041a778a06767f34bd (patch)
tree	75604de90c6e4de7273e435fa3e7054b85065fc3 /src
parent	7c6e434d3288f8deaebae52f21d10d0f67d4e010 (diff)
download	cryptography-a1dcdbb2fe865afe4cdbdd041a778a06767f34bd.tar.gz cryptography-a1dcdbb2fe865afe4cdbdd041a778a06767f34bd.tar.bz2 cryptography-a1dcdbb2fe865afe4cdbdd041a778a06767f34bd.zip