diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-09-26 10:23:24 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-09-25 22:23:24 -0400 |
| commit | 72c92f5ed1a3fe1b5196e0247bbe4cbe5e93c1a7 (patch) | |
| tree | 2d7c2ddc1174a8185ac1a0d13b4189ae1b70b3ad /CHANGELOG.rst | |
| parent | 7bb0210ef9e4cd7c822ea3864bd7b18f3877c24b (diff) | |
| download | cryptography-72c92f5ed1a3fe1b5196e0247bbe4cbe5e93c1a7.tar.gz cryptography-72c92f5ed1a3fe1b5196e0247bbe4cbe5e93c1a7.tar.bz2 cryptography-72c92f5ed1a3fe1b5196e0247bbe4cbe5e93c1a7.zip | |
both parse and encode the ASN1 string type for Name attributes (#3896)
* both parse and encode the ASN1 string type for Name attributes
Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.
With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.
* make the sentinel private too
Diffstat (limited to 'CHANGELOG.rst')
| -rw-r--r-- | CHANGELOG.rst | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a56c67b9..6b4d5387 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -41,6 +41,8 @@ Changelog * Added support for using labels with :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP` when using OpenSSL 1.0.2 or greater. +* Improved compatibility with NSS when issuing certificates from an issuer + that has a subject with non-``UTF8String`` string types. * Add support for the :class:`~cryptography.x509.DeltaCRLIndicator` extension. * Add support for the :class:`~cryptography.x509.TLSFeature` extension. This is commonly used for enabling ``OCSP Must-Staple`` in |