6 files changed, 47 insertions, 14 deletions
diff --git a/src/_cffi_src/build_constant_time.py b/src/_cffi_src/build_constant_time.py
index 6d9a8f54..7a11f7b5 100644
--- a/src/_cffi_src/build_constant_time.py
+++ b/src/_cffi_src/build_constant_time.py
@@ -5,9 +5,8 @@
 from __future__ import absolute_import, division, print_function
 
 import os
-import sys
 
-from _cffi_src.utils import build_ffi, extra_link_args
+from _cffi_src.utils import build_ffi, compiler_type, extra_link_args
 
 
 with open(os.path.join(
@@ -24,5 +23,5 @@ ffi = build_ffi(
     module_name="_constant_time",
     cdef_source=types,
     verify_source=functions,
-    extra_link_args=extra_link_args(sys.platform),
+    extra_link_args=extra_link_args(compiler_type()),
 )
diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py
index c856e3d9..c47b3082 100644
--- a/src/_cffi_src/build_openssl.py
+++ b/src/_cffi_src/build_openssl.py
@@ -7,7 +7,9 @@ from __future__ import absolute_import, division, print_function
 import os
 import sys
 
-from _cffi_src.utils import build_ffi_for_binding, extra_link_args
+from _cffi_src.utils import (
+    build_ffi_for_binding, compiler_type, extra_link_args
+)
 
 
 def _get_openssl_libraries(platform):
@@ -92,5 +94,5 @@ ffi = build_ffi_for_binding(
     pre_include=_OSX_PRE_INCLUDE,
     post_include=_OSX_POST_INCLUDE,
     libraries=_get_openssl_libraries(sys.platform),
-    extra_link_args=extra_link_args(sys.platform),
+    extra_link_args=extra_link_args(compiler_type()),
 )
diff --git a/src/_cffi_src/build_padding.py b/src/_cffi_src/build_padding.py
index 5df93d80..4c5096a1 100644
--- a/src/_cffi_src/build_padding.py
+++ b/src/_cffi_src/build_padding.py
@@ -5,9 +5,8 @@
 from __future__ import absolute_import, division, print_function
 
 import os
-import sys
 
-from _cffi_src.utils import build_ffi, extra_link_args
+from _cffi_src.utils import build_ffi, compiler_type, extra_link_args
 
 
 with open(os.path.join(
@@ -24,5 +23,5 @@ ffi = build_ffi(
     module_name="_padding",
     cdef_source=types,
     verify_source=functions,
-    extra_link_args=extra_link_args(sys.platform),
+    extra_link_args=extra_link_args(compiler_type()),
 )
diff --git a/src/_cffi_src/utils.py b/src/_cffi_src/utils.py
index 0b00353e..bdce2f3b 100644
--- a/src/_cffi_src/utils.py
+++ b/src/_cffi_src/utils.py
@@ -5,6 +5,8 @@
 from __future__ import absolute_import, division, print_function
 
 import sys
+from distutils.ccompiler import new_compiler
+from distutils.dist import Distribution
 
 from cffi import FFI
 
@@ -79,10 +81,23 @@ def build_ffi(module_name, cdef_source, verify_source, libraries=[],
     return ffi
 
 
-def extra_link_args(platform):
-    if platform != "win32":
-        return []
+def extra_link_args(compiler_type):
+    if compiler_type == 'msvc':
+        # Enable NX and ASLR for Windows builds on MSVC. These are enabled by
+        # default on Python 3.3+ but not on 2.x.
+        return ['/NXCOMPAT', '/DYNAMICBASE']
     else:
-        # Enable NX and ASLR for Windows builds. These are enabled by default
-        # on Python 3.3+ but not on 2.x.
-        return ["/NXCOMPAT", "/DYNAMICBASE"]
+        return []
+
+
+def compiler_type():
+    """
+    Gets the compiler type from distutils. On Windows with MSVC it will be
+    "msvc". On OS X and linux it is "unix".
+    """
+    dist = Distribution()
+    dist.parse_config_files()
+    cmd = dist.get_command_obj('build')
+    cmd.ensure_finalized()
+    compiler = new_compiler(compiler=cmd.compiler)
+    return compiler.compiler_type
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 293c6288..b8614e0b 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -213,6 +213,15 @@ class _X509ExtensionParser(object):
                         "Critical extension {0} is not currently supported"
                         .format(oid), oid
                     )
+                else:
+                    # Dump the DER payload into an UnrecognizedExtension object
+                    data = backend._lib.X509_EXTENSION_get_data(ext)
+                    backend.openssl_assert(data != backend._ffi.NULL)
+                    der = backend._ffi.buffer(data.data, data.length)[:]
+                    unrecognized = x509.UnrecognizedExtension(oid, der)
+                    extensions.append(
+                        x509.Extension(oid, critical, unrecognized)
+                    )
             else:
                 # For extensions which are not supported by OpenSSL we pass the
                 # extension object directly to the parsing routine so it can
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 07b6b9ac..8e419439 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -8,6 +8,7 @@ import collections
 import os
 import threading
 import types
+import warnings
 
 from cryptography.exceptions import InternalError
 from cryptography.hazmat.bindings._openssl import ffi, lib
@@ -180,3 +181,11 @@ class Binding(object):
 # condition registering the OpenSSL locks. On Python 3.4+ the import lock
 # is per module so this approach will not work.
 Binding.init_static_locks()
+
+if Binding.lib.SSLeay() < 0x10001000:
+    warnings.warn(
+        "OpenSSL versions less than 1.0.1 are no longer supported by the "
+        "OpenSSL project, please upgrade. A future version of cryptography "
+        "will drop support for these versions.",
+        DeprecationWarning
+    )