5 files changed, 38 insertions, 0 deletions

diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index e2b621c3..5353b1d2 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -132,6 +132,8 @@ Custom X.509 Vectors
   a subject alternative name extension with the ``otherName`` general name.
 * ``san_registered_id.pem`` - An RSA 1024 bit certificate containing a
   subject alternative name extension with the ``registeredID`` general name.
+* ``all_key_usages.pem`` - An RSA 2048 bit self-signed certificate containing
+  a key usage extension with all nine purposes set to true.
 
 Custom X.509 Request Vectors
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/hazmat/bindings/openssl/asn1.py b/src/cryptography/hazmat/bindings/openssl/asn1.py
index d8b8331e..45dfe758 100644
--- a/src/cryptography/hazmat/bindings/openssl/asn1.py
+++ b/src/cryptography/hazmat/bindings/openssl/asn1.py
@@ -40,6 +40,7 @@ struct asn1_string_st {
 
 typedef struct asn1_string_st ASN1_OCTET_STRING;
 typedef struct asn1_string_st ASN1_IA5STRING;
+typedef ... ASN1_BIT_STRING;
 typedef ... ASN1_OBJECT;
 typedef ... ASN1_STRING;
 typedef ... ASN1_TYPE;
@@ -115,9 +116,12 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *, long);
 
 ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **, const unsigned char **, long,
                           const ASN1_ITEM *);
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *, int, int);
 """
 
 MACROS = """
+/* This is not a macro, but is const on some versions of OpenSSL */
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *, int);
 ASN1_TIME *M_ASN1_TIME_dup(void *);
 const ASN1_ITEM *ASN1_ITEM_ptr(ASN1_ITEM_EXP *);
 
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 63c8767d..4de7428f 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -238,6 +238,9 @@ class ExtendedKeyUsage(object):
     def __len__(self):
         return len(self._usages)
 
+    def __repr__(self):
+        return "<ExtendedKeyUsage({0})>".format(self._usages)
+
 
 class BasicConstraints(object):
     def __init__(self, ca, path_length):
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 7447ac4b..c1512d5f 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -175,6 +175,17 @@ class TestExtendedKeyUsage(object):
             x509.OID_CLIENT_AUTH
         ]
 
+    def test_repr(self):
+        eku = x509.ExtendedKeyUsage([
+            x509.ObjectIdentifier("1.3.6.1.5.5.7.3.1"),
+            x509.ObjectIdentifier("1.3.6.1.5.5.7.3.2"),
+        ])
+        assert repr(eku) == (
+            "<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name="
+            "serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clien"
+            "tAuth)>])>"
+        )
+
 
 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
diff --git a/vectors/cryptography_vectors/x509/custom/all_key_usages.pem b/vectors/cryptography_vectors/x509/custom/all_key_usages.pem
new file mode 100644
index 00000000..e24caf28
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/all_key_usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdGgAwIBAgITBmdJiX54UcRwde48tbHzferkszANBgkqhkiG9w0BAQUF
+ADAmMRUwEwYDVQQDDAxjcnlwdG9ncmFwaHkxDTALBgNVBAoMBFB5Q0EwHhcNMTUw
+NDAyMTgyMzIwWhcNMTYwNDAxMTgyMzIwWjAmMRUwEwYDVQQDDAxjcnlwdG9ncmFw
+aHkxDTALBgNVBAoMBFB5Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCtKAh5oo9zN6ATc8c7+kJNpi9uOOE1650X6H6F4XpDQGmg7uoOGpvZqi4BwkiJ
+6tE6IR9qmfuksrSmVraBFGfXLKVknLBpB9aAAeBv7Kh7nrPfd39fbliwbW7NJIHH
++nG02FLPPMOdUKNyfTY2+kthkrjGCjYqOTEIUkFLgxk3/V2bmTSEiNGmi/1qQl9Y
+pRJlaMYhDkS01Ox7/20uYI/S8EAXWQefV23szoesiiS6QvVncBRUeYCj+rQsr2+p
+wXz1TWypLEukjo+C6SyjVEYUMUwYKg/0hBMQIpnAWuiNiiJArWf+l9a4O1SgsPG7
+nwWClir6jr33LBD5DF1cJCS3AgMBAAGjEDAOMAwGA1UdDwQFAwMH/4AwDQYJKoZI
+hvcNAQEFBQADggEBAEJUuCiqMQYZowPi9OmyHGk7vAxh2MCKDQJDI1DhNdCPNoOl
+nGSrNiFVRh6PAh3i+QSoh3pvbFvP0pCgasoaukqxKPK9pCKzBrwwsA7U7hvtJlIp
+gOb5RG55mPDl5SxSJyHlOPHotG9ACeQOvbfqn3KM9Jn5aBir/laRKsSrM/daeeZ8
+4LQOb5pSNK41NKxeidm1AdNEMt33duYkhWZ63gviYvr6ri+3OOHhlFZeCI297TW9
+dHZpYMwi3hN7jYJLh5NFBNlnngG92lMcYfSBntjeCN2uPwO72utKMYb3kF/JxglX
+dxeA+zWQjvhx3s2Zt8/N10JnnbKImPJdCA59X3M=
+-----END CERTIFICATE-----