authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-10 19:45:47 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-11 21:27:04 -0500
commit235e5a1a27b04a790cba988977d894266185135d (patch)
tree37f0f86acc876ca6d6efd1f61d4b32bd769803b0
parentc8e9861396914451086f8410df7e7575a9b23bd7 (diff)
support IPAddress encoding for general names
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py18
-rw-r--r--tests/test_x509.py5
2 files changed, 21 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index af675116..7255b470 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -83,8 +83,14 @@ def _encode_asn1_str(backend, data, length):
Create an ASN1_OCTET_STRING from a Python byte string.
"""
s = backend._lib.ASN1_OCTET_STRING_new()
+ res = backend._lib.ASN1_OCTET_STRING_set(s, data, length)
+ assert res == 1
+ return s
+
+
+def _encode_asn1_str_gc(backend, data, length):
+ s = _encode_asn1_str(backend, data, length)
s = backend._ffi.gc(s, backend._lib.ASN1_OCTET_STRING_free)
- backend._lib.ASN1_OCTET_STRING_set(s, data, length)
return s
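Review bot: `_encode_asn1_str` passes `s` to `ASN1_OCTET_STRING_set` without first checking that `ASN1_OCTET_STRING_new()` returned a non-NULL pointer; adding `assert s != backend._ffi.NULL` before the set call would match the check made after `GENERAL_NAME_new()` in `_encode_subject_alt_name`. The function now returns a pointer with no `ffi.gc` finalizer, so its docstring should state that the caller must either hand the result to an OpenSSL structure that frees it or use `_encode_asn1_str_gc`. The new wrapper has no docstring and could carry `"""Like _encode_asn1_str, but the result is freed by the garbage collector."""`. Both return-value checks are `assert` statements, so they disappear when Python runs with `-O`. The start of `_encode_asn1_str` is outside the hunk.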
@@ -185,6 +191,14 @@ def _encode_subject_alt_name(backend, san):
name = _encode_name(backend, alt_name.value)
gn.type = backend._lib.GEN_DIRNAME
gn.d.directoryName = name
+ elif isinstance(alt_name, x509.IPAddress):
+ gn = backend._lib.GENERAL_NAME_new()
+ assert gn != backend._ffi.NULL
+ ipaddr = _encode_asn1_str(
+ backend, alt_name.value.packed, len(alt_name.value.packed)
+ )
+ gn.type = backend._lib.GEN_IPADD
+ gn.d.iPAddress = ipaddr
else:
raise NotImplementedError(
"Only DNSName and RegisteredID supported right now"
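Review bot: The `else` branch that closes this chain still raises `NotImplementedError("Only DNSName and RegisteredID supported right now")`, which is misleading now that DirectoryName (handled just above) and IPAddress are also encoded. The message should name the rejected type instead, for example `"{0} is not a supported general name type".format(type(alt_name).__name__)`. In the new branch `ipaddr` comes from the non-gc `_encode_asn1_str`, so it is presumably released only when `gn` is freed; a comment such as `# gn takes ownership of ipaddr` would make that transfer explicit. `_encode_subject_alt_name` starts and ends outside the hunk.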
@@ -919,7 +933,7 @@ class Backend(object):
self._ffi.NULL,
obj,
1 if extension.critical else 0,
- _encode_asn1_str(self, pp[0], r),
+ _encode_asn1_str_gc(self, pp[0], r),
)
assert extension != self._ffi.NULL
res = self._lib.sk_X509_EXTENSION_push(extensions, extension)
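Review bot: Using `_encode_asn1_str_gc` at this call is only safe if `X509_EXTENSION_create_by_OBJ` copies the octet string rather than keeping the pointer. That is my understanding of OpenSSL, but it is not visible in this diff. A one-line comment above the call, e.g. `# create_by_OBJ copies the data, so the temporary is gc-managed`, would keep a later edit from swapping the two helpers and introducing a leak or a double free. The enclosing method starts and ends outside the hunk.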
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 6ad891b1..9b6b8826 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -6,6 +6,7 @@ from __future__ import absolute_import, division, print_function
import binascii
import datetime
+import ipaddress
import os
import pytest
@@ -1001,6 +1002,8 @@ class TestCertificateSigningRequestBuilder(object):
x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
)
])),
+ x509.IPAddress(ipaddress.ip_address(u"127.0.0.1")),
+ x509.IPAddress(ipaddress.ip_address(u"ff::")),
]),
critical=False,
).sign(private_key, hashes.SHA256(), backend)
@@ -1021,6 +1024,8 @@ class TestCertificateSigningRequestBuilder(object):
x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
),
])),
+ x509.IPAddress(ipaddress.ip_address(u"127.0.0.1")),
+ x509.IPAddress(ipaddress.ip_address(u"ff::")),
]
def test_subject_alt_name_unsupported_general_name(self, backend):