Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/encode_asn1.py15
1 files changed, 10 insertions, 5 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/encode_asn1.py b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
index b0e2e73e..944dedc6 100644
--- a/src/cryptography/hazmat/backends/openssl/encode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
@@ -358,6 +358,15 @@ def _encode_subject_key_identifier(backend, ski):
return _encode_asn1_str_gc(backend, ski.digest, len(ski.digest))
+def _idna_encode(value):
+ # Retain prefixes '*.' for common/alt names and '.' for name constraints
+ for prefix in ['*.', '.']:
+ if value.startswith(prefix):
+ value = value[len(prefix):]
+ return prefix.encode('ascii') + idna.encode(value)
+ return idna.encode(value)
+
+
def _encode_general_name(backend, name):
if isinstance(name, x509.DNSName):
gn = backend._lib.GENERAL_NAME_new()
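Review bot: `_idna_encode` keeps a leading `.` or `*.` for every caller, so the DNSName branch of `_encode_general_name` (second hunk) now encodes a value such as `.example.com` the same way whether the name ends up in a subjectAltName or in a name constraint; nothing visible in this diff restricts the dot form to name constraints. If that check lives elsewhere, the comment above the loop should say so, for example `# Does not check that the prefix is valid for the extension being encoded; callers must.` A value that consists only of the prefix (`*.` or `.`) also reaches `idna.encode` with an empty string, which presumably raises from the idna package rather than as a cryptography-level error, so a test pinning that behaviour would help. The body of `_encode_general_name` continues outside this hunk.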
@@ -366,11 +375,7 @@ def _encode_general_name(backend, name):
ia5 = backend._lib.ASN1_IA5STRING_new()
backend.openssl_assert(ia5 != backend._ffi.NULL)
-
- if name.value.startswith(u"*."):
- value = b"*." + idna.encode(name.value[2:])
- else:
- value = idna.encode(name.value)
+ value = _idna_encode(name.value)
res = backend._lib.ASN1_STRING_set(ia5, value, len(value))
backend.openssl_assert(res == 1)