From eb177931f825308f9b4df9c789f76b7ce04751f6 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 17 May 2015 18:33:33 -0700
Subject: IPAddress needs to support networks for nameconstraints

---
 docs/x509.rst            |  5 +++--
 src/cryptography/x509.py | 13 ++++++++++---
 tests/test_x509_ext.py   |  6 ++++++
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/docs/x509.rst b/docs/x509.rst
index ff43be01..850e3df1 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -509,8 +509,9 @@ General Name Classes
 
     .. attribute:: value
 
-        :type: :class:`~ipaddress.IPv4Address` or
-            :class:`~ipaddress.IPv6Address`.
+        :type: :class:`~ipaddress.IPv4Address`,
+            :class:`~ipaddress.IPv6Address`,  :class:`~ipaddress.IPv4Network`,
+            or :class:`~ipaddress.IPv6Network`.
 
 .. class:: RegisteredID
 
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 325d6d62..17c2a7c4 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -909,11 +909,18 @@ class RegisteredID(object):
 class IPAddress(object):
     def __init__(self, value):
         if not isinstance(
-            value, (ipaddress.IPv4Address, ipaddress.IPv6Address)
+            value,
+            (
+                ipaddress.IPv4Address,
+                ipaddress.IPv6Address,
+                ipaddress.IPv4Network,
+                ipaddress.IPv6Network
+            )
         ):
             raise TypeError(
-                "value must be an instance of ipaddress.IPv4Address or "
-                "ipaddress.IPv6Address"
+                "value must be an instance of ipaddress.IPv4Address, "
+                "ipaddress.IPv6Address, ipaddress.IPv4Network, or "
+                "ipaddress.IPv6Network"
             )
 
         self._value = value
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 572aa30c..d3488a9f 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1121,6 +1121,12 @@ class TestIPAddress(object):
         gn2 = x509.IPAddress(ipaddress.IPv6Address(u"ff::"))
         assert repr(gn2) == "<IPAddress(value=ff::)>"
 
+        gn3 = x509.IPAddress(ipaddress.IPv4Network(u"192.168.0.0/24"))
+        assert repr(gn3) == "<IPAddress(value=192.168.0.0/24)>"
+
+        gn4 = x509.IPAddress(ipaddress.IPv6Network(u"ff::/96"))
+        assert repr(gn4) == "<IPAddress(value=ff::/96)>"
+
     def test_eq(self):
         gn = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
         gn2 = x509.IPAddress(ipaddress.IPv4Address(u"127.0.0.1"))
-- 
cgit v1.2.3