From e8fd93c2083281395984abe4e49c63958427d918 Mon Sep 17 00:00:00 2001
From: Ian Cordasco <graffatcolmingov@gmail.com>
Date: Sun, 19 Jul 2015 10:05:40 -0500
Subject: Construct extensions like a CSR

- Use _encode_basic_constraints appropriately
- Create an appropriate object from the oid dotted string
- Create the X509 Extension appropriately
---
 src/cryptography/hazmat/backends/openssl/backend.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 1c912e6c..5b9f0759 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1043,14 +1043,17 @@ class Backend(object):
         # Add extensions.
         for i, extension in enumerate(builder._extensions):
             if isinstance(extension.value, x509.BasicConstraints):
-                extension = _encode_basic_constraints(
-                    self,
-                    extension.value.ca,
-                    extension.value.path_length,
-                    extension.critical
-                )
+                pp, r = _encode_basic_constraints(self, extension.value)
             else:
                 raise ValueError('Extension not yet supported.')
+
+            obj = _txt2obj(self, extension.oid.dotted_string)
+            extension = self._lib.X509_EXTENSION_create_by_OBJ(
+                self._ffi.NULL,
+                obj,
+                1 if extension.critical else 0,
+                _encode_asn1_str_gc(self, pp[0], r)
+            )
             res = self._lib.X509_add_ext(x509_cert, extension, i)
             assert res == 1
 
-- 
cgit v1.2.3