diff options
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 8 | ||||
| -rw-r--r-- | tests/x509/test_x509.py | 12 |
2 files changed, 19 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index 24eb55b1..31fb8cfc 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -734,7 +734,13 @@ def _parse_asn1_time(backend, asn1_time): generalized_time = backend._lib.ASN1_TIME_to_generalizedtime( asn1_time, backend._ffi.NULL ) - backend.openssl_assert(generalized_time != backend._ffi.NULL) + if generalized_time == backend._ffi.NULL: + raise ValueError( + "Couldn't parse ASN.1 time as generalizedtime {!r}".format( + _asn1_string_to_bytes(backend, asn1_time) + ) + ) + generalized_time = backend._ffi.gc( generalized_time, backend._lib.ASN1_GENERALIZEDTIME_free ) diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index 4a34d4a9..720db78e 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -3752,6 +3752,18 @@ class TestOtherCertificate(object): with pytest.raises(ValueError): cert.public_key() + def test_bad_time_in_validity(self, backend): + cert = _load_cert( + os.path.join( + "x509", "badasn1time.pem" + ), + x509.load_pem_x509_certificate, + backend, + ) + + with pytest.raises(ValueError, match='19020701025736Z'): + cert.not_valid_after + class TestNameAttribute(object): EXPECTED_TYPES = [ |