Merge pull request #2136 from reaperhulk/encode-othername

Encode othername

1 files changed, 27 insertions, 0 deletions

diff --git a/tests/test_x509.py b/tests/test_x509.py
index 9b6b8826..cb617268 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -1004,6 +1004,10 @@ class TestCertificateSigningRequestBuilder(object):
                 ])),
                 x509.IPAddress(ipaddress.ip_address(u"127.0.0.1")),
                 x509.IPAddress(ipaddress.ip_address(u"ff::")),
+                x509.OtherName(
+                    type_id=x509.ObjectIdentifier("1.2.3.3.3.3"),
+                    value=b"0\x03\x02\x01\x05"
+                ),
             ]),
             critical=False,
         ).sign(private_key, hashes.SHA256(), backend)
@@ -1026,8 +1030,31 @@ class TestCertificateSigningRequestBuilder(object):
             ])),
             x509.IPAddress(ipaddress.ip_address(u"127.0.0.1")),
             x509.IPAddress(ipaddress.ip_address(u"ff::")),
+            x509.OtherName(
+                type_id=x509.ObjectIdentifier("1.2.3.3.3.3"),
+                value=b"0\x03\x02\x01\x05"
+            ),
         ]
 
+    def test_invalid_asn1_othername(self, backend):
+        private_key = RSA_KEY_2048.private_key(backend)
+
+        builder = x509.CertificateSigningRequestBuilder().subject_name(
+            x509.Name([
+                x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"),
+            ])
+        ).add_extension(
+            x509.SubjectAlternativeName([
+                x509.OtherName(
+                    type_id=x509.ObjectIdentifier("1.2.3.3.3.3"),
+                    value=b"\x01\x02\x01\x05"
+                ),
+            ]),
+            critical=False,
+        )
+        with pytest.raises(ValueError):
+            builder.sign(private_key, hashes.SHA256(), backend)
+
     def test_subject_alt_name_unsupported_general_name(self, backend):
         private_key = RSA_KEY_2048.private_key(backend)