Merge pull request #2593 from reaperhulk/crl-support-ec-dsa

Support EC and DSA signing of CRLs in the OpenSSL backend
author: Alex Gaynor <alex.gaynor@gmail.com> 2015-12-27 15:00:59 -0500
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-12-27 15:00:59 -0500
commit: b04b67e06ea638e23e06f3fde151a6912c184025 (patch)
tree: c09c007cd5ae3bb50f58255fc1d15c645b7860df /src
parent: d5d0a3102b609907f2dfadad8e0da10374475697 (diff)
parent: 9d345312d5ff22cd40d2359dc1765170badf42ea (diff)
download: cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.tar.gz
cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.tar.bz2
cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.zip
1 files changed, 11 insertions, 10 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 38fe0772..e8b0322e 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1453,16 +1453,17 @@ class Backend(object):
         if not isinstance(algorithm, hashes.HashAlgorithm):
             raise TypeError('Algorithm must be a registered hash algorithm.')
 
-        if isinstance(private_key, _DSAPrivateKey):
-            raise NotImplementedError(
-                "CRL signatures aren't implemented for DSA"
-                " keys at this time."
-            )
-        if isinstance(private_key, _EllipticCurvePrivateKey):
-            raise NotImplementedError(
-                "CRL signatures aren't implemented for EC"
-                " keys at this time."
-            )
+        if self._lib.OPENSSL_VERSION_NUMBER <= 0x10001000:
+            if isinstance(private_key, _DSAPrivateKey):
+                raise NotImplementedError(
+                    "CRL signatures aren't implemented for DSA"
+                    " keys on OpenSSL versions less than 1.0.1."
+                )
+            if isinstance(private_key, _EllipticCurvePrivateKey):
+                raise NotImplementedError(
+                    "CRL signatures aren't implemented for EC"
+                    " keys on OpenSSL versions less than 1.0.1."
+                )
 
         evp_md = self._lib.EVP_get_digestbyname(
             algorithm.name.encode('ascii')
author	Alex Gaynor <alex.gaynor@gmail.com>	2015-12-27 15:00:59 -0500
committer	Alex Gaynor <alex.gaynor@gmail.com>	2015-12-27 15:00:59 -0500
commit	b04b67e06ea638e23e06f3fde151a6912c184025 (patch)
tree	c09c007cd5ae3bb50f58255fc1d15c645b7860df /src
parent	d5d0a3102b609907f2dfadad8e0da10374475697 (diff)
parent	9d345312d5ff22cd40d2359dc1765170badf42ea (diff)
download	cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.tar.gz cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.tar.bz2 cryptography-b04b67e06ea638e23e06f3fde151a6912c184025.zip