diff options
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/encode_asn1.py | 2 | ||||
-rw-r--r-- | tests/x509/test_x509.py | 17 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/encode_asn1.py b/src/cryptography/hazmat/backends/openssl/encode_asn1.py index fc16a58b..ca35f0e7 100644 --- a/src/cryptography/hazmat/backends/openssl/encode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/encode_asn1.py @@ -121,6 +121,8 @@ def _encode_sk_name_entry(backend, attributes): def _encode_name_entry(backend, attribute): if attribute._type is _ASN1Type.BMPString: value = attribute.value.encode('utf_16_be') + elif attribute._type is _ASN1Type.UniversalString: + value = attribute.value.encode('utf_32_be') else: value = attribute.value.encode('utf8') diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index 07a6019b..fa3a41a7 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -4602,6 +4602,23 @@ class TestName(object): b"7000680079002e0069006f310d300b060355040a0c0450794341" ) + @pytest.mark.requires_backend_interface(interface=X509Backend) + def test_universalstring_bytes(self, backend): + # UniversalString is UCS-4 + name = x509.Name([ + x509.NameAttribute( + NameOID.COMMON_NAME, + u'cryptography.io', + _ASN1Type.UniversalString + ), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, u'PyCA'), + ]) + assert name.public_bytes(backend) == binascii.unhexlify( + b"30563145304306035504031c3c00000063000000720000007900000070000000" + b"740000006f000000670000007200000061000000700000006800000079000000" + b"2e000000690000006f310d300b060355040a0c0450794341" + ) + @pytest.mark.supported( only_if=lambda backend: backend.ed25519_supported(), |