From d04b39b253916223e9dd99831586822a4f9a2fc1 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 21 Apr 2015 08:44:17 -0500 Subject: add a check to require that the list passed to SAN is all general names --- src/cryptography/x509.py | 6 ++++++ tests/test_x509_ext.py | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index cdc0e430..898ab6c7 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -542,6 +542,12 @@ class IPAddress(object): class SubjectAlternativeName(object): def __init__(self, general_names): + if not all(isinstance(x, GeneralName) for x in general_names): + raise TypeError( + "Every item in the general_names list must be an " + "object conforming to the GeneralName interface" + ) + self._general_names = general_names def __iter__(self): diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 8516a339..45d309db 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -721,6 +721,12 @@ class TestSubjectAlternativeName(object): x509.DNSName(six.u("crypto.local")), ] + def test_invalid_general_names(self): + with pytest.raises(TypeError): + x509.SubjectAlternativeName( + [x509.DNSName(six.u("cryptography.io")), "invalid"] + ) + def test_repr(self): san = x509.SubjectAlternativeName( [ -- cgit v1.2.3