From b7b1289117d9cd8bd17f03c1f8c3f753260e5ccd Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 25 Dec 2015 09:59:12 -0600 Subject: use _create_x509_extensions in create_x509_crl --- .../hazmat/backends/openssl/backend.py | 28 +++++++--------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 7ea5fa75..65792c3b 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1510,26 +1510,14 @@ class Backend(object): self.openssl_assert(res == 1) # TODO: support revoked certificates - for i, extension in enumerate(builder._extensions): - try: - encode = _CRL_EXTENSION_ENCODE_HANDLERS[extension.oid] - except KeyError: - raise NotImplementedError( - 'Extension not supported: {0}'.format(extension.oid) - ) - - pp, r = encode(self, extension.value) - obj = _txt2obj_gc(self, extension.oid.dotted_string) - extension = self._lib.X509_EXTENSION_create_by_OBJ( - self._ffi.NULL, - obj, - 1 if extension.critical else 0, - _encode_asn1_str_gc(self, pp[0], r) - ) - self.openssl_assert(extension != self._ffi.NULL) - extension = self._ffi.gc(extension, self._lib.X509_EXTENSION_free) - res = self._lib.X509_CRL_add_ext(x509_crl, extension, i) - self.openssl_assert(res == 1) + # Add extensions. + self._create_x509_extensions( + extensions=builder._extensions, + handlers=_CRL_EXTENSION_ENCODE_HANDLERS, + x509_obj=x509_crl, + add_func=self._lib.X509_CRL_add_ext, + gc=True + ) res = self._lib.X509_CRL_sign( x509_crl, private_key._evp_pkey, evp_md -- cgit v1.2.3