From 8bfbacef9cb973115c0cf0f4185c8f47812c37bc Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 23 Jul 2015 19:10:28 +0100
Subject: when building a CSR adding > 1 extension would trigger a bug

We were checking sk_X509_EXTENSION_push for a value == 1, but
in reality it returns the number of extensions on the stack. We
now assert >= 1 and added a test.
---
 src/cryptography/hazmat/backends/openssl/backend.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 7ccb39a4..9cfe73c1 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -976,7 +976,7 @@ class Backend(object):
             )
             assert extension != self._ffi.NULL
             res = self._lib.sk_X509_EXTENSION_push(extensions, extension)
-            assert res == 1
+            assert res >= 1
         res = self._lib.X509_REQ_add_extensions(x509_req, extensions)
         assert res == 1
 
-- 
cgit v1.2.3