From c6e0f06135d36533a7543b0a24f144b44019a9dc Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 3 May 2015 11:04:34 -0500
Subject: Fix AKI authority_cert_issuer type

It was originally defined as an X509 Name, but in reality it is a
list of GeneralName objects (albeit typically a list of one
DirectoryName).
---
 src/cryptography/x509.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 27337092..0d87cd51 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -666,8 +666,13 @@ class AuthorityKeyIdentifier(object):
                     "must both be present or both None"
                 )
 
-            if not isinstance(authority_cert_issuer, Name):
-                raise TypeError("authority_cert_issuer must be a Name")
+            if not all(
+                isinstance(x, GeneralName) for x in authority_cert_issuer
+            ):
+                raise TypeError(
+                    "authority_cert_issuer must be a list of GeneralName "
+                    "objects"
+                )
 
             if not isinstance(authority_cert_serial_number, six.integer_types):
                 raise TypeError(
-- 
cgit v1.2.3