From 202f5675b246764461d40725abab704495e0dba2 Mon Sep 17 00:00:00 2001
From: Marko Kreen <markokr@gmail.com>
Date: Sat, 7 Sep 2019 10:32:13 +0300
Subject: Allow FreshestCRL extension in CRL (#4975)

Per RFC5280 it is allowed in both certificates and CRL-s.
---
 src/cryptography/hazmat/backends/openssl/decode_asn1.py | 1 +
 src/cryptography/hazmat/backends/openssl/encode_asn1.py | 1 +
 2 files changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
index 35295ce3..47c6c654 100644
--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -846,6 +846,7 @@ _CRL_EXTENSION_HANDLERS = {
         _decode_authority_information_access
     ),
     ExtensionOID.ISSUING_DISTRIBUTION_POINT: _decode_issuing_dist_point,
+    ExtensionOID.FRESHEST_CRL: _decode_freshest_crl,
 }
 
 _OCSP_REQ_EXTENSION_HANDLERS = {
diff --git a/src/cryptography/hazmat/backends/openssl/encode_asn1.py b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
index a774daa7..fc16a58b 100644
--- a/src/cryptography/hazmat/backends/openssl/encode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
@@ -640,6 +640,7 @@ _CRL_EXTENSION_ENCODE_HANDLERS = {
     ExtensionOID.CRL_NUMBER: _encode_crl_number_delta_crl_indicator,
     ExtensionOID.DELTA_CRL_INDICATOR: _encode_crl_number_delta_crl_indicator,
     ExtensionOID.ISSUING_DISTRIBUTION_POINT: _encode_issuing_dist_point,
+    ExtensionOID.FRESHEST_CRL: _encode_cdps_freshest_crl,
 }
 
 _CRL_ENTRY_EXTENSION_ENCODE_HANDLERS = {
-- 
cgit v1.2.3