From 7638c3151ccbc17ff1adee0384b1fa10530cf87c Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 26 Nov 2014 11:13:31 -1000
Subject: improve x509 load error handling

---
 src/cryptography/hazmat/backends/openssl/backend.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index ceb10cfc..19d149b5 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -682,14 +682,20 @@ class Backend(object):
         x509 = self._lib.PEM_read_bio_X509(
             mem_bio.bio, self._ffi.NULL, self._ffi.NULL, self._ffi.NULL
         )
-        assert x509 != self._ffi.NULL
+        if x509 == self._ffi.NULL:
+            self._consume_errors()
+            raise ValueError("Unable to load certificate")
+
         x509 = self._ffi.gc(x509, self._lib.X509_free)
         return _X509Certificate(self, x509)
 
     def load_der_x509_certificate(self, data):
         mem_bio = self._bytes_to_bio(data)
         x509 = self._lib.d2i_X509_bio(mem_bio.bio, self._ffi.NULL)
-        assert x509 != self._ffi.NULL
+        if x509 == self._ffi.NULL:
+            self._consume_errors()
+            raise ValueError("Unable to load certificate")
+
         x509 = self._ffi.gc(x509, self._lib.X509_free)
         return _X509Certificate(self, x509)
 
-- 
cgit v1.2.3