don't parse SCTs on older openssl (#3749)

* don't parse SCTs on older openssl * use two diff extension parsers because why not * review feedback
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-07-04 15:59:38 -0500
committer: Alex Gaynor <alex.gaynor@gmail.com> 2017-07-04 16:59:38 -0400
commit: ce69b82858b2dfc7f8dfe6818749285cc84bd2ec (patch)
tree: 3233ee602d8dcff9211f403f9f3707763b4d381d /tests
parent: a509496e485ed79b5ae93ba2657bc15150e0d147 (diff)
download: cryptography-ce69b82858b2dfc7f8dfe6818749285cc84bd2ec.tar.gz
cryptography-ce69b82858b2dfc7f8dfe6818749285cc84bd2ec.tar.bz2
cryptography-ce69b82858b2dfc7f8dfe6818749285cc84bd2ec.zip
1 files changed, 27 insertions, 4 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 595ec703..c3243972 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -3668,10 +3668,6 @@ class TestInhibitAnyPolicyExtension(object):
 
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
-@pytest.mark.supported(
-    only_if=lambda backend: backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER,
-    skip_message="Requires OpenSSL 1.1.0f+",
-)
 class TestPrecertificateSignedCertificateTimestampsExtension(object):
     def test_init(self):
         with pytest.raises(TypeError):
@@ -3682,6 +3678,11 @@ class TestPrecertificateSignedCertificateTimestampsExtension(object):
             "<PrecertificateSignedCertificateTimestamps([])>"
         )
 
+    @pytest.mark.supported(
+        only_if=lambda backend: (
+            backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER),
+        skip_message="Requires OpenSSL 1.1.0f+",
+    )
     def test_simple(self, backend):
         cert = _load_cert(
             os.path.join("x509", "badssl-sct.pem"),
@@ -3707,6 +3708,28 @@ class TestPrecertificateSignedCertificateTimestampsExtension(object):
             x509.certificate_transparency.LogEntryType.PRE_CERTIFICATE
         )
 
+    @pytest.mark.supported(
+        only_if=lambda backend: (
+            not backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER),
+        skip_message="Requires OpenSSL < 1.1.0",
+    )
+    def test_skips_scts_if_unsupported(self, backend):
+        cert = _load_cert(
+            os.path.join("x509", "badssl-sct.pem"),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        assert len(cert.extensions) == 10
+        with pytest.raises(x509.ExtensionNotFound):
+            cert.extensions.get_extension_for_class(
+                x509.PrecertificateSignedCertificateTimestamps
+            )
+
+        ext = cert.extensions.get_extension_for_oid(
+            x509.ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS
+        )
+        assert isinstance(ext.value, x509.UnrecognizedExtension)
+
 
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-07-04 15:59:38 -0500
committer	Alex Gaynor <alex.gaynor@gmail.com>	2017-07-04 16:59:38 -0400
commit	ce69b82858b2dfc7f8dfe6818749285cc84bd2ec (patch)
tree	3233ee602d8dcff9211f403f9f3707763b4d381d /tests
parent	a509496e485ed79b5ae93ba2657bc15150e0d147 (diff)
download	cryptography-ce69b82858b2dfc7f8dfe6818749285cc84bd2ec.tar.gz cryptography-ce69b82858b2dfc7f8dfe6818749285cc84bd2ec.tar.bz2 cryptography-ce69b82858b2dfc7f8dfe6818749285cc84bd2ec.zip