diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-06-17 22:13:15 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-06-17 22:13:15 -0600 |
| commit | ca6ce995434d9629b2f4867dff7a6361fdf77fcd (patch) | |
| tree | 421c3a978433f7123012f46de56a646348ab852a /src | |
| parent | 9e1103e878218cca79ccd7e037f5becc5b159db2 (diff) | |
| download | cryptography-ca6ce995434d9629b2f4867dff7a6361fdf77fcd.tar.gz cryptography-ca6ce995434d9629b2f4867dff7a6361fdf77fcd.tar.bz2 cryptography-ca6ce995434d9629b2f4867dff7a6361fdf77fcd.zip | |
inhibit any policy extension support for the openssl backend
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index a836e6a7..3b0c2954 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -290,6 +290,8 @@ class _Certificate(object): value = _decode_crl_distribution_points(self._backend, ext) elif oid == x509.OID_OCSP_NO_CHECK: value = x509.OCSPNoCheck() + elif oid == x509.OID_INHIBIT_ANY_POLICY: + value = _decode_inhibit_any_policy(self._backend, ext) elif critical: raise x509.UnsupportedExtension( "{0} is not currently supported".format(oid), oid @@ -635,6 +637,17 @@ def _decode_crl_distribution_points(backend, ext): return x509.CRLDistributionPoints(dist_points) +def _decode_inhibit_any_policy(backend, ext): + asn1_int = backend._ffi.cast( + "ASN1_INTEGER *", + backend._lib.X509V3_EXT_d2i(ext) + ) + assert asn1_int != backend._ffi.NULL + asn1_int = backend._ffi.gc(asn1_int, backend._lib.ASN1_INTEGER_free) + skip_certs = _asn1_integer_to_int(backend, asn1_int) + return x509.InhibitAnyPolicy(skip_certs) + + @utils.register_interface(x509.CertificateSigningRequest) class _CertificateSigningRequest(object): def __init__(self, backend, x509_req): |