authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-12-22 17:20:42 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-12-22 19:49:01 -0600
commit2587d309fa162195b2bb55677d53c2db52bef9dd (patch)
tree802223e090f7e67da0a4e1e72649a2600e80034d
parent326833d9fdbeaec8a810efdbd51d857b339c4bba (diff)
add support for parsing AuthorityInfoAccess and IssuerAltName CRL exts
Expand the CRL extensions test to check the value
-rw-r--r--CHANGELOG.rst7
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py4
-rw-r--r--tests/test_x509.py21
3 files changed, 28 insertions, 4 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 742d4116..3dc5249c 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -25,7 +25,12 @@ Changelog
:class:`~cryptography.x509.CertificateRevocationList`.
* Add support for parsing :class:`~cryptography.x509.CertificateRevocationList`
:meth:`~cryptography.x509.CertificateRevocationList.extensions` in the
- OpenSSL backend.
+ OpenSSL backend. The following extensions are currently supported:
+
+ * :class:`~cryptography.x509.AuthorityInformationAccess`
+ * :class:`~cryptography.x509.AuthorityKeyIdentifier`
+ * ``CRLNumber``
+ * :class:`~cryptography.x509.IssuerAlternativeName`
1.1.2 - 2015-12-10
~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 6f335f48..45c0df50 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -987,6 +987,10 @@ _REVOKED_UNSUPPORTED_EXTENSIONS = set([
_CRL_EXTENSION_HANDLERS = {
ExtensionOID.CRL_NUMBER: _decode_crl_number,
ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier,
+ ExtensionOID.ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name,
+ ExtensionOID.AUTHORITY_INFORMATION_ACCESS: (
+ _decode_authority_information_access
+ ),
}
_CERTIFICATE_EXTENSION_PARSER = _X509ExtensionParser(
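Review bot: The two entries added to `_CRL_EXTENSION_HANDLERS` reuse `_decode_issuer_alt_name` and `_decode_authority_information_access`, which by their names look like the certificate decoders, and nothing here records that the CRL profile is narrower. RFC 5280 section 5.2.7 permits only the caIssuers access method in a CRL's AuthorityInfoAccess, so if the shared decoder accepts any access method (its body is outside this hunk) a CRL carrying other access methods would parse without complaint. A short comment above the new entries would make this explicit, for example `# Decoders shared with certificates; CRL-only limits (AIA caIssuers only, RFC 5280 5.2.7) are not enforced here.` The decoded names and URIs are also available before any CRL signature check, so callers should treat them as untrusted until the CRL has been verified.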
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 8d943225..b39e1891 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -175,8 +175,8 @@ class TestCertificateRevocationList(object):
def test_extensions(self, backend):
crl = _load_cert(
- os.path.join("x509", "PKITS_data", "crls", "GoodCACRL.crl"),
- x509.load_der_x509_crl,
+ os.path.join("x509", "custom", "crl_ian_aia_aki.pem"),
+ x509.load_pem_x509_crl,
backend
)
@@ -186,15 +186,30 @@ class TestCertificateRevocationList(object):
aki = crl.extensions.get_extension_for_class(
x509.AuthorityKeyIdentifier
)
+ aia = crl.extensions.get_extension_for_class(
+ x509.AuthorityInformationAccess
+ )
+ ian = crl.extensions.get_extension_for_class(
+ x509.IssuerAlternativeName
+ )
assert crl_number.value == 1
assert crl_number.critical is False
assert aki.value == x509.AuthorityKeyIdentifier(
key_identifier=(
- b'X\x01\x84$\x1b\xbc+R\x94J=\xa5\x10r\x14Q\xf5\xaf:\xc9'
+ b'yu\xbb\x84:\xcb,\xdez\t\xbe1\x1bC\xbc\x1c*MSX'
),
authority_cert_issuer=None,
authority_cert_serial_number=None
)
+ assert aia.value == x509.AuthorityInformationAccess([
+ x509.AccessDescription(
+ AuthorityInformationAccessOID.CA_ISSUERS,
+ x509.DNSName(u"cryptography.io")
+ )
+ ])
+ assert ian.value == x509.IssuerAlternativeName([
+ x509.UniformResourceIdentifier(u"https://cryptography.io"),
+ ])
def test_signature(self, backend):
crl = _load_cert(
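Review bot: The new assertions compare `aia.value` and `ian.value` but never check the `critical` flag of either extension, although the same test already pins `crl_number.critical is False`. RFC 5280 requires a CRL's AuthorityInfoAccess to be non-critical, so, assuming the fixture follows the profile, adding `assert aia.critical is False` and `assert ian.critical is False` after the value checks would catch a decoder path that mis-reports the flag. Only the well-formed case is exercised; a CRL whose AIA carries an access method other than caIssuers is not covered here. test_extensions starts in the previous hunk and test_signature continues past the end of this one.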