Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/decode_asn1.py')
-rw-r--r--src/cryptography/hazmat/backends/openssl/decode_asn1.py10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
index 2665fb22..aefb2422 100644
--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -88,8 +88,14 @@ def _decode_general_names(backend, gns):
def _decode_general_name(backend, gn):
if gn.type == backend._lib.GEN_DNS:
- data = _asn1_string_to_bytes(backend, gn.d.dNSName)
- return x509.DNSName(data)
+ # Convert to bytes and then decode to utf8. We don't use
+ # asn1_string_to_utf8 here because it doesn't properly convert
+ # utf8 from ia5strings.
+ data = _asn1_string_to_bytes(backend, gn.d.dNSName).decode("utf8")
+ # We don't use the constructor for DNSName so we can bypass validation
+ # This allows us to create DNSName objects that have unicode chars
+ # when a certificate (against the RFC) contains them.
+ return x509.DNSName._init_without_validation(data)
elif gn.type == backend._lib.GEN_URI:
data = _asn1_string_to_bytes(backend, gn.d.uniformResourceIdentifier)
return x509.UniformResourceIdentifier(data)
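Review bot: The strict `.decode("utf8")` on the `GEN_DNS` branch still raises `UnicodeDecodeError` for a dNSName whose bytes are not valid UTF-8 (for example Latin-1), so some non-conformant certificates this change is meant to tolerate will still fail during SAN parsing. `UnicodeDecodeError` is a `ValueError` subclass, so callers that catch `ValueError` are probably covered, but the message will not say which extension field was malformed; consider catching it here and re-raising a `ValueError` that names the dNSName. Separately, because `_init_without_validation` skips the constructor checks, the returned value is certificate-supplied text with no guarantee of being ASCII or a well-formed hostname. The comment above the return should say so, e.g. `# NOTE: value is unvalidated certificate data; callers doing hostname comparison must normalise and check it themselves.` The body of `_decode_general_name` continues past the end of this hunk.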