From 0cf3690df91566c14c0c916f42af790de76e9e57 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 5 Dec 2016 07:12:43 -0600 Subject: friendly error if you put a date too far in the future on windows (#3279) --- src/cryptography/hazmat/backends/openssl/backend.py | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 9df113b6..1c01e83d 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -845,14 +845,16 @@ class Backend(object): self._lib.X509_get_notBefore(x509_cert), calendar.timegm(builder._not_valid_before.timetuple()) ) - self.openssl_assert(res != self._ffi.NULL) + if res == self._ffi.NULL: + self._raise_time_set_error() # Set the "not after" time. res = self._lib.ASN1_TIME_set( self._lib.X509_get_notAfter(x509_cert), calendar.timegm(builder._not_valid_after.timetuple()) ) - self.openssl_assert(res != self._ffi.NULL) + if res == self._ffi.NULL: + self._raise_time_set_error() # Add extensions. self._create_x509_extensions( @@ -883,6 +885,17 @@ class Backend(object): return _Certificate(self, x509_cert) + def _raise_time_set_error(self): + errors = self._consume_errors() + self.openssl_assert(errors[0][1] == self._lib.ERR_LIB_ASN1) + self.openssl_assert( + errors[0][3] == self._lib.ASN1_R_ERROR_GETTING_TIME + ) + raise ValueError( + "Invalid time. This error can occur if you set a time too far in " + "the future on Windows." + ) + def create_x509_crl(self, builder, private_key, algorithm): if not isinstance(builder, x509.CertificateRevocationListBuilder): raise TypeError('Builder type mismatch.') -- cgit v1.2.3