From f54a50bc6cdb215c2cc7d6fb4ca524e109f0411c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 17 Jun 2015 18:31:26 -0600 Subject: support OCSPNoCheck in the OpenSSL backend --- src/cryptography/hazmat/backends/openssl/x509.py | 2 ++ tests/test_x509_ext.py | 17 +++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index f46dd1b7..a836e6a7 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -288,6 +288,8 @@ class _Certificate(object): value = _decode_certificate_policies(self._backend, ext) elif oid == x509.OID_CRL_DISTRIBUTION_POINTS: value = _decode_crl_distribution_points(self._backend, ext) + elif oid == x509.OID_OCSP_NO_CHECK: + value = x509.OCSPNoCheck() elif critical: raise x509.UnsupportedExtension( "{0} is not currently supported".format(oid), oid diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index d836164b..c906f1e5 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -2395,6 +2395,23 @@ class TestCRLDistributionPointsExtension(object): ]) +@pytest.mark.requires_backend_interface(interface=RSABackend) +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestOCSPNoCheckExtension(object): + def test_nocheck(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "ocsp_nocheck.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + ext = cert.extensions.get_extension_for_oid( + x509.OID_OCSP_NO_CHECK + ) + assert isinstance(ext.value, x509.OCSPNoCheck) + + class TestInhibitAnyPolicy(object): def test_not_int(self): with pytest.raises(TypeError): -- cgit v1.2.3