From d607dd7e5bc5c08854ec0c9baff70ba4a35be36f Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Mon, 29 May 2017 16:33:20 -0500
Subject: Enlarge _oid2txt buffer to handle larger OIDs (#3612)

The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt: https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values. But OIDs longer than this occur in real life (e.g. Active Directory makes some very long OIDs). If the length of the stringified OID exceeds the buffer size, allocate a new buffer that is big enough to hold the stringified OID, and re-do the conversion into the new buffer.
---
 tests/test_x509_ext.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
(limited to 'tests/test_x509_ext.py')

diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index eaf5a51a..b89abdda 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -409,6 +409,7 @@ class TestPolicyInformation(object):
 assert pi != object()


+@pytest.mark.requires_backend_interface(interface=X509Backend)
 class TestCertificatePolicies(object):
 def test_invalid_policies(self):
 pq = [u"string"]
@@ -481,6 +482,26 @@ class TestCertificatePolicies(object):
 assert cp[-1] == cp[4]
 assert cp[2:6:2] == [cp[2], cp[4]]

+ def test_long_oid(self, backend):
+ """
+ Test that parsing a CertificatePolicies ext with
+ a very long OID succeeds.
+ """
+ cert = _load_cert(
+ os.path.join("x509", "bigoid.pem"),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ ext = cert.extensions.get_extension_for_class(
+ x509.CertificatePolicies)
+
+ oid = x509.ObjectIdentifier(
+ "1.3.6.1.4.1.311.21.8.8950086.10656446.2706058"
+ ".12775672.480128.147.13466065.13029902"
+ )
+
+ assert ext.value[0].policy_identifier == oid
+

 @pytest.mark.requires_backend_interface(interface=RSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)
-- 
cgit v1.2.3
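Review bot: The new `test_long_oid` exercises the enlarged-buffer path with a single OID whose dotted form is 83 characters by my count, only just past the 80-byte buffer the commit message mentions, and nothing in the test records that this length is the point. A comment above the literal such as `# 83-char dotted form: longer than the 80-byte buffer, so the conversion must retry with a larger one` would keep that intent visible if the fixture is ever regenerated. The buffer handling itself is not on this page, so how it treats the boundary cannot be confirmed here. OIDs whose text is exactly at, or one short of, the buffer size are where a truncation or missing-terminator bug would hide, so a case at that length would be worth adding alongside. The enclosing class `TestCertificatePolicies` starts and continues outside the hunk.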