From 9ce25a9e624a43e47f677a764d4eedcdc7f6c86e Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Fri, 10 Jul 2015 11:08:31 -0500
Subject: support DirectoryName encoding for general names
---
 src/cryptography/hazmat/backends/openssl/backend.py | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index d6493778..194f295c 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -171,6 +171,15 @@ def _encode_subject_alt_name(backend, san):
 )
 assert obj != backend._ffi.NULL
 gn.d.registeredID = obj
+ elif isinstance(alt_name, x509.DirectoryName):
+ gn = backend._lib.GENERAL_NAME_new()
+ assert gn != backend._ffi.NULL
+ name = _encode_name(backend, alt_name.value)
+ # _encode_name registers the X509_NAME for gc so we'll duplicate
+ # a new one that is not gc'd for the struct
+ name = backend._lib.X509_NAME_dup(name)
+ gn.type = backend._lib.GEN_DIRNAME
+ gn.d.directoryName = name
 else:
 raise NotImplementedError(
 "Only DNSName and RegisteredID supported right now"
-- cgit v1.2.3
From 065b7b81984b8dbb24910d438b9ea0128db0b0bf Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sat, 11 Jul 2015 12:32:27 -0500
Subject: modify _encode_name, add _encode_name_gc
---
 src/cryptography/hazmat/backends/openssl/backend.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 194f295c..af675116 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
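Review bot: In the first commit's `_encode_subject_alt_name` hunk, the result of `backend._lib.X509_NAME_dup(name)` is stored in `gn.d.directoryName` without a NULL check, while the `GENERAL_NAME_new()` call two lines above it is checked. A failed duplication would leave a `GEN_DIRNAME` entry with a NULL name for whatever encodes the structure later, so I would add `assert name != backend._ffi.NULL` right after the dup, following the convention used in the rest of the hunk. The `else` branch still raises with `"Only DNSName and RegisteredID supported right now"`, which is now out of date and should name DirectoryName as well. The function starts and ends outside the hunk, so how `gn` is later consumed and freed is not visible here.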
@@ -89,8 +89,10 @@ def _encode_asn1_str(backend, data, length): def _encode_name(backend, attributes): + """ + The X509_NAME created will not be gc'd. Use _encode_name_gc if needed. + """ subject = backend._lib.X509_NAME_new() - subject = backend._ffi.gc(subject, backend._lib.X509_NAME_free) for attribute in attributes: value = attribute.value.encode('utf8') obj = _txt2obj(backend, attribute.oid.dotted_string) @@ -105,6 +107,12 @@ def _encode_name(backend, attributes): return subject +def _encode_name_gc(backend, attributes): + subject = _encode_name(backend, attributes) + subject = backend._ffi.gc(subject, backend._lib.X509_NAME_free) + return subject + + def _txt2obj(backend, name): """ Converts a Python string with an ASN.1 object ID in dotted form to a @@ -175,9 +183,6 @@ def _encode_subject_alt_name(backend, san): gn = backend._lib.GENERAL_NAME_new() assert gn != backend._ffi.NULL name = _encode_name(backend, alt_name.value) - # _encode_name registers the X509_NAME for gc so we'll duplicate - # a new one that is not gc'd for the struct - name = backend._lib.X509_NAME_dup(name) gn.type = backend._lib.GEN_DIRNAME gn.d.directoryName = name else: @@ -883,7 +888,7 @@ class Backend(object): # Set subject name. res = self._lib.X509_REQ_set_subject_name( - x509_req, _encode_name(self, builder._subject_name) + x509_req, _encode_name_gc(self, builder._subject_name) ) assert res == 1 -- cgit v1.2.3
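Review bot: With the `backend._ffi.gc(subject, backend._lib.X509_NAME_free)` line removed from `_encode_name`, nothing frees `subject` if the attribute loop raises before `return subject`. The visible lines `attribute.value.encode('utf8')` and `_txt2obj(...)` can both fail on unexpected input, and the rest of the loop body lies outside the hunk. I would wrap the loop in `try:` / `except Exception:` with `backend._lib.X509_NAME_free(subject)` followed by a bare `raise`, so the error path does not leak native memory. The `X509_NAME_new()` result is also unchecked in the visible lines, and `assert subject != backend._ffi.NULL` would match the allocation checks elsewhere in the file. The new docstring could state the contract positively, for example `The caller owns the returned X509_NAME and must free it or store it in a struct that frees it.`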
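Review bot: `_encode_name_gc` is added without a docstring, yet the two helpers now differ only in who frees the X509_NAME, so picking the wrong one gives either a leak or a double free. I would document it with something like `"""Like _encode_name, but the X509_NAME is freed by cffi's gc; do not store the result in a struct that frees its members."""`. Because `_encode_name` keeps its name while changing from gc-owned to caller-owned, any caller outside this diff that still uses it now leaks silently. Only the `X509_REQ_set_subject_name` call site in the last hunk is visibly switched to `_encode_name_gc`, so the remaining callers in the file are worth auditing.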