From 388d1bd3e9cd953fcc948edbc152d5d140c87eb8 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 5 Mar 2018 11:36:08 -0400
Subject: don't allow GeneralNames to be an empty list (#4128)

* don't allow GeneralNames to be an empty list

* flake8
---
 src/cryptography/x509/extensions.py | 3 +++
 tests/x509/test_x509_ext.py         | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index eb4b927f..af12fa9c 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -1160,6 +1160,9 @@ class Extension(object):
 class GeneralNames(object):
     def __init__(self, general_names):
         general_names = list(general_names)
+        if len(general_names) == 0:
+            raise ValueError("Must supply at least one general name")
+
         if not all(isinstance(x, GeneralName) for x in general_names):
             raise TypeError(
                 "Every item in the general_names list must be an "
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 9f4e1758..b048c140 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -2052,6 +2052,10 @@ class TestGeneralNames(object):
                 [x509.DNSName(u"cryptography.io"), "invalid"]
             )
 
+    def test_does_not_allow_empty_list(self):
+        with pytest.raises(ValueError):
+            x509.GeneralNames([])
+
     def test_repr(self):
         gns = x509.GeneralNames(
             [
-- 
cgit v1.2.3