From ba19c2e73f70e5b3e08d62e13326e91588eae8c4 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sat, 27 Jun 2015 00:07:09 -0400
Subject: Fixed #2067 -- raise an error if a CSRbuilder doesn't hav a subject

---
 src/cryptography/hazmat/backends/openssl/backend.py |  2 +-
 src/cryptography/x509.py                            |  2 ++
 tests/test_x509.py                                  | 12 +++++++++++-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 78de79d1..e27fb6e8 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -833,7 +833,7 @@ class Backend(object):
 
         # Set subject name.
         res = self._lib.X509_REQ_set_subject_name(
-            x509_req, _encode_name(self, list(builder._subject_name))
+            x509_req, _encode_name(self, builder._subject_name)
         )
         assert res == 1
 
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 0f72abb3..668bc2ef 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1486,4 +1486,6 @@ class CertificateSigningRequestBuilder(object):
         """
         Signs the request using the requestor's private key.
         """
+        if self._subject_name is None:
+            raise ValueError("A CertificateSigningRequest must have a subject")
         return backend.create_x509_csr(self, private_key, algorithm)
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 08dae0ce..131954ca 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -687,10 +687,20 @@ class TestCertificateSigningRequestBuilder(object):
     def test_sign_invalid_hash_algorithm(self, backend):
         private_key = RSA_KEY_2048.private_key(backend)
 
-        builder = x509.CertificateSigningRequestBuilder()
+        builder = x509.CertificateSigningRequestBuilder().subject_name(
+            x509.Name([])
+        )
         with pytest.raises(TypeError):
             builder.sign(private_key, 'NotAHash', backend)
 
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    def test_no_subject_name(self, backend):
+        private_key = RSA_KEY_2048.private_key(backend)
+
+        builder = x509.CertificateSigningRequestBuilder()
+        with pytest.raises(ValueError):
+            builder.sign(private_key, hashes.SHA256(), backend)
+
     @pytest.mark.requires_backend_interface(interface=RSABackend)
     def test_build_ca_request_with_rsa(self, backend):
         private_key = RSA_KEY_2048.private_key(backend)
-- 
cgit v1.2.3