From 978a5e96473c2ce877151fa4e24917bac92ddaa8 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 25 May 2017 21:11:09 -0400 Subject: jurisdictionCountryName also must be PrintableString (#3516) * jurisdictionCountryName also must be PrintableString * flake8 + citation * Write a test, which fails. If my analysis is correct, this is blocked on: https://github.com/openssl/openssl/pull/3284 * This is only true on 1.1.0 * clearly express the version requirement --- tests/test_x509.py | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'tests/test_x509.py') diff --git a/tests/test_x509.py b/tests/test_x509.py index 110d8534..84108810 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -1440,9 +1440,11 @@ class TestRSACertificateRequest(object): 777 ).issuer_name(x509.Name([ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.JURISDICTION_COUNTRY_NAME, u'US'), x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), ])).subject_name(x509.Name([ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'), + x509.NameAttribute(NameOID.JURISDICTION_COUNTRY_NAME, u'US'), x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u'Texas'), ])).public_key( subject_private_key.public_key() @@ -1460,6 +1462,15 @@ class TestRSACertificateRequest(object): # Check that each value was encoded as an ASN.1 PRINTABLESTRING. assert parsed.subject.chosen[0][0]['value'].chosen.tag == 19 assert parsed.issuer.chosen[0][0]['value'].chosen.tag == 19 + if ( + # This only works correctly in OpenSSL 1.1.0f+ and 1.0.2l+ + backend._lib.CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER or ( + backend._lib.CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER and + not backend._lib.CRYPTOGRAPHY_OPENSSL_110_OR_GREATER + ) + ): + assert parsed.subject.chosen[1][0]['value'].chosen.tag == 19 + assert parsed.issuer.chosen[1][0]['value'].chosen.tag == 19 class TestCertificateBuilder(object): -- cgit v1.2.3