aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/development/test-vectors.rst2
-rw-r--r--src/cryptography/hazmat/backends/openssl/ocsp.py6
-rw-r--r--tests/x509/test_ocsp.py8
-rw-r--r--vectors/cryptography_vectors/x509/ocsp/resp-revoked-no-next-update.derbin0 -> 283 bytes
4 files changed, 14 insertions, 2 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index b56a4c56..e512a902 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -427,6 +427,8 @@ X.509 OCSP Test Vectors
* ``x509/ocsp/resp-revoked-reason.der`` - An OCSP response from the
``QuoVadis`` OCSP responder that contains a revoked certificate with a
revocation reason.
+* ``x509/ocsp/resp-revoked-no-next-update.der`` - An OCSP response that
+ contains a revoked certificate and no ``nextUpdate`` value.
Custom X.509 OCSP Test Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/hazmat/backends/openssl/ocsp.py b/src/cryptography/hazmat/backends/openssl/ocsp.py
index cd3650ae..32e26a0a 100644
--- a/src/cryptography/hazmat/backends/openssl/ocsp.py
+++ b/src/cryptography/hazmat/backends/openssl/ocsp.py
@@ -278,8 +278,10 @@ class _OCSPResponse(object):
self._backend._ffi.NULL,
asn1_time,
)
- self._backend.openssl_assert(asn1_time[0] != self._backend._ffi.NULL)
- return _parse_asn1_generalized_time(self._backend, asn1_time[0])
+ if asn1_time[0] != self._backend._ffi.NULL:
+ return _parse_asn1_generalized_time(self._backend, asn1_time[0])
+ else:
+ return None
@property
@_requires_successful_response
diff --git a/tests/x509/test_ocsp.py b/tests/x509/test_ocsp.py
index 0d44b6da..3ee6a26e 100644
--- a/tests/x509/test_ocsp.py
+++ b/tests/x509/test_ocsp.py
@@ -319,6 +319,14 @@ class TestOCSPResponse(object):
)
assert resp.revocation_reason is x509.ReasonFlags.superseded
+ def test_load_revoked_no_next_update(self):
+ resp = _load_data(
+ os.path.join("x509", "ocsp", "resp-revoked-no-next-update.der"),
+ ocsp.load_der_ocsp_response,
+ )
+ assert resp.serial_number == 16160
+ assert resp.next_update is None
+
def test_response_extensions(self):
resp = _load_data(
os.path.join("x509", "ocsp", "resp-revoked-reason.der"),
diff --git a/vectors/cryptography_vectors/x509/ocsp/resp-revoked-no-next-update.der b/vectors/cryptography_vectors/x509/ocsp/resp-revoked-no-next-update.der
new file mode 100644
index 00000000..c9bb9d6f
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/ocsp/resp-revoked-no-next-update.der
Binary files differ