diff options
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 2 | ||||
-rw-r--r-- | tests/test_x509_ext.py | 17 |
2 files changed, 19 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index f46dd1b7..a836e6a7 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -288,6 +288,8 @@ class _Certificate(object): value = _decode_certificate_policies(self._backend, ext) elif oid == x509.OID_CRL_DISTRIBUTION_POINTS: value = _decode_crl_distribution_points(self._backend, ext) + elif oid == x509.OID_OCSP_NO_CHECK: + value = x509.OCSPNoCheck() elif critical: raise x509.UnsupportedExtension( "{0} is not currently supported".format(oid), oid diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index d836164b..c906f1e5 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -2395,6 +2395,23 @@ class TestCRLDistributionPointsExtension(object): ]) +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestOCSPNoCheckExtension(object): + def test_nocheck(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "ocsp_nocheck.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + ext = cert.extensions.get_extension_for_oid( + x509.OID_OCSP_NO_CHECK + ) + assert isinstance(ext.value, x509.OCSPNoCheck) + + class TestInhibitAnyPolicy(object): def test_not_int(self): with pytest.raises(TypeError): |