author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-07-05 12:28:46 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-07-05 12:28:46 -0400 |
commit | 6431d50831b8e4a4927f5e6619603eeac78ff489 (patch) | |
tree | 0ec7874ae7a617958ed65a42926e2de3735dc08f | |
parent | eae9560f6801e9c89381c2616b795b9037f2a6a9 (diff) | |
Wildcards. Also fixed a bug with multiple GNs
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 9 | ||||
-rw-r--r-- | tests/test_x509.py | 6 |
2 files changed, 11 insertions, 4 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 6f64613b..ec692926 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -152,7 +152,12 @@ def _encode_subject_alt_name(backend, san): gn.type = backend._lib.GEN_DNS ia5 = backend._lib.ASN1_IA5STRING_new() assert ia5 != backend._ffi.NULL - value = idna.encode(alt_name.value) + + if alt_name.value.startswith(u"*."): + value = b"*." + idna.encode(alt_name.value[2:]) + else: + value = idna.encode(alt_name.value) + res = backend._lib.ASN1_STRING_set(ia5, value, len(value)) assert res == 1 gn.d.dNSName = ia5 @@ -160,7 +165,7 @@ def _encode_subject_alt_name(backend, san): raise NotImplementedError("Only DNSNames are supported right now") res = backend._lib.sk_GENERAL_NAME_push(general_names, gn) - assert res == 1 + assert res >= 0 pp = backend._ffi.new("unsigned char **") r = backend._lib.i2d_GENERAL_NAMES(general_names, pp) diff --git a/tests/test_x509.py b/tests/test_x509.py index b8c3b03a..78552978 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -920,7 +920,8 @@ class TestCertificateSigningRequestBuilder(object): ]) ).add_extension( x509.SubjectAlternativeName([ - x509.DNSName(u"google.com"), + x509.DNSName(u"example.com"), + x509.DNSName(u"*.example.com"), ]), critical=False, ).sign(private_key, hashes.SHA256(), backend) @@ -932,7 +933,8 @@ class TestCertificateSigningRequestBuilder(object): assert not ext.critical assert ext.oid == x509.OID_SUBJECT_ALTERNATIVE_NAME assert list(ext.value) == [ - x509.DNSName(u"google.com"), + x509.DNSName(u"example.com"), + x509.DNSName(u"*.example.com"), ] def test_subject_alt_name_unsupported_general_name(self, backend): |
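Review bot: The new wildcard branch in the first hunk of backend.py (`if alt_name.value.startswith(u"*."):`) has no comment saying why the `*.` prefix is kept out of `idna.encode`, so a later cleanup could fold the two branches back together. Presumably `*` is not an acceptable IDNA label and has to be written as raw bytes; a comment above the `if` such as `# "*" is not a valid IDNA label: keep the wildcard prefix as-is and encode only the remainder` would record that. Only a leading `*.` is special-cased, so a `*` anywhere else still goes to `idna.encode` unchanged, and a value of exactly `*.` hands it an empty string; how it reacts to either is not visible here and deserves a test. `_encode_subject_alt_name` starts and ends outside the hunk.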
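Review bot: The relaxed check `assert res >= 0` after `sk_GENERAL_NAME_push` in the second hunk of backend.py no longer detects a failed push, because OpenSSL documents the stack push as returning the new element count on success and 0 on failure. The old `== 1` was wrong for a second name, which matches the "multiple GNs" bug in the commit message, but the lower bound should stay at one: `assert res >= 1`. As written, a failed push would leave a requested name out of the encoded SubjectAlternativeName extension without raising. The function body continues outside the hunk.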
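Review bot: The updated SAN lists in both tests/test_x509.py hunks use ASCII names only, so the `idna.encode(alt_name.value[2:])` half of the new wildcard branch is never exercised with a label that actually needs encoding. Adding a constructed entry such as `x509.DNSName(u"*.b\xfccher.example"),` to the builder call and to the expected list in the following hunk would cover it. Whether the parsing side returns the same Unicode value is not visible here, so the expected entry may need adjusting. The test method starts above the first of these hunks and ends inside the second.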