From 58ddc11036bbbb3c558015f9a5c8ea201fa609ec Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 30 Dec 2015 20:19:00 -0600
Subject: support unrecognized extensions in x509

---
 src/cryptography/hazmat/backends/openssl/x509.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 293c6288..b8614e0b 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -213,6 +213,15 @@ class _X509ExtensionParser(object):
                         "Critical extension {0} is not currently supported"
                         .format(oid), oid
                     )
+                else:
+                    # Dump the DER payload into an UnrecognizedExtension object
+                    data = backend._lib.X509_EXTENSION_get_data(ext)
+                    backend.openssl_assert(data != backend._ffi.NULL)
+                    der = backend._ffi.buffer(data.data, data.length)[:]
+                    unrecognized = x509.UnrecognizedExtension(oid, der)
+                    extensions.append(
+                        x509.Extension(oid, critical, unrecognized)
+                    )
             else:
                 # For extensions which are not supported by OpenSSL we pass the
                 # extension object directly to the parsing routine so it can
-- 
cgit v1.2.3