-rw-r--r-- | docs/development/test-vectors.rst | 2 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ocsp.py | 6 | ||||
-rw-r--r-- | tests/x509/test_ocsp.py | 8 | ||||
-rw-r--r-- | vectors/cryptography_vectors/x509/ocsp/resp-revoked-no-next-update.der | bin | 0 -> 283 bytes |
4 files changed, 14 insertions, 2 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index b56a4c56..e512a902 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -427,6 +427,8 @@ X.509 OCSP Test Vectors * ``x509/ocsp/resp-revoked-reason.der`` - An OCSP response from the ``QuoVadis`` OCSP responder that contains a revoked certificate with a revocation reason. +* ``x509/ocsp/resp-revoked-no-next-update.der`` - An OCSP response that + contains a revoked certificate and no ``nextUpdate`` value. Custom X.509 OCSP Test Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/src/cryptography/hazmat/backends/openssl/ocsp.py b/src/cryptography/hazmat/backends/openssl/ocsp.py index cd3650ae..32e26a0a 100644 --- a/src/cryptography/hazmat/backends/openssl/ocsp.py +++ b/src/cryptography/hazmat/backends/openssl/ocsp.py @@ -278,8 +278,10 @@ class _OCSPResponse(object): self._backend._ffi.NULL, asn1_time, ) - self._backend.openssl_assert(asn1_time[0] != self._backend._ffi.NULL) - return _parse_asn1_generalized_time(self._backend, asn1_time[0]) + if asn1_time[0] != self._backend._ffi.NULL: + return _parse_asn1_generalized_time(self._backend, asn1_time[0]) + else: + return None @property @_requires_successful_response diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py index 0d44b6da..3ee6a26e 100644 --- a/tests/x509/test_ocsp.py +++ b/tests/x509/test_ocsp.py @@ -319,6 +319,14 @@ class TestOCSPResponse(object): ) assert resp.revocation_reason is x509.ReasonFlags.superseded + def test_load_revoked_no_next_update(self): + resp = _load_data( + os.path.join("x509", "ocsp", "resp-revoked-no-next-update.der"), + ocsp.load_der_ocsp_response, + ) + assert resp.serial_number == 16160 + assert resp.next_update is None + def test_response_extensions(self): resp = _load_data( os.path.join("x509", "ocsp", "resp-revoked-reason.der"), 
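Review bot: With the `openssl_assert` removed in the `ocsp.py` hunk, `next_update` now returns `None` whenever the response omits `nextUpdate`, and nothing in the new code documents that changed contract. Callers that enforce freshness with a comparison such as `resp.next_update > now` must now handle `None` explicitly. RFC 6960 treats an absent `nextUpdate` as meaning newer revocation information is always available, so such a response should not be cached or accepted as if it carried a validity window. I would add a comment above the branch, `# nextUpdate is OPTIONAL (RFC 6960); None means the responder gave no validity window`, and state the `None` return in the property's API documentation, which the diffstat suggests is not touched by this commit. The property's decorators and the start of its body lie outside the hunk.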
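Review bot: `test_load_revoked_no_next_update` in `tests/x509/test_ocsp.py` pins only `serial_number` and `next_update`, so it does not confirm that the vector is the revoked response the documentation entry describes. It also does not check that the fields that are present still parse once the assertion is gone. Adding `assert resp.certificate_status == ocsp.OCSPCertStatus.REVOKED` and `assert resp.this_update is not None` would tie the test to the vector's stated properties. The test also covers only the absent case; if no existing test asserts a concrete `next_update` value for a response that carries one, a companion assertion there would guard the other side of the new branch.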
diff --git a/vectors/cryptography_vectors/x509/ocsp/resp-revoked-no-next-update.der b/vectors/cryptography_vectors/x509/ocsp/resp-revoked-no-next-update.der Binary files differnew file mode 100644 index 00000000..c9bb9d6f --- /dev/null +++ b/vectors/cryptography_vectors/x509/ocsp/resp-revoked-no-next-update.der |