From 4db9662ff1d25a0e5f974035c5a2b12b67cb2910 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 20 Apr 2015 22:17:39 -0500 Subject: support registeredID general name in OpenSSL backend --- src/cryptography/hazmat/backends/openssl/x509.py | 3 +++ tests/test_x509_ext.py | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index cc4a92a6..c21aeeb1 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -63,6 +63,9 @@ def _build_general_name(backend, gn): if gn.type == backend._lib.GEN_DNS: data = backend._ffi.buffer(gn.d.dNSName.data, gn.d.dNSName.length)[:] return x509.DNSName(idna.decode(data)) + elif gn.type == backend._lib.GEN_RID: + oid = _obj2txt(backend, gn.d.registeredID) + return x509.RegisteredID(x509.ObjectIdentifier(oid)) else: # otherName, x400Address or ediPartyName raise x509.UnsupportedGeneralNameType( diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 1283fca7..bce6781f 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -770,3 +770,21 @@ class TestRSASubjectAlternativeNameExtension(object): cert.extensions assert exc.value.type == 0 + + def test_registered_id(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "san_registered_id.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + ext = cert.extensions.get_extension_for_oid( + x509.OID_SUBJECT_ALTERNATIVE_NAME + ) + assert ext is not None + assert ext.critical is False + + san = ext.value + rid = san.get_values_for_type(x509.RegisteredID) + assert rid == [x509.ObjectIdentifier("1.2.3.4")] -- cgit v1.2.3