diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-09-13 22:06:12 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-09-13 10:06:12 -0400 |
| commit | 8c1f5edd12d755c770d1fd3a6dc8251c95588600 (patch) | |
| tree | e8d9287d4660f26022b5775478bcd0d3549b38ff | |
| parent | fbfc36da2a4769045f2373b004ddf0aff906cf38 (diff) | |
| download | cryptography-8c1f5edd12d755c770d1fd3a6dc8251c95588600.tar.gz cryptography-8c1f5edd12d755c770d1fd3a6dc8251c95588600.tar.bz2 cryptography-8c1f5edd12d755c770d1fd3a6dc8251c95588600.zip | |
fix a bug with URI value when parsing a string with no hostname (#3909)
strings of the form "scheme:///anything" would incorrectly have two
slashes dropped. This is fixed in two code paths in this PR but one of
those code paths will be entirely removed in a followup PR.
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 3 | ||||
| -rw-r--r-- | src/cryptography/x509/general_name.py | 3 | ||||
| -rw-r--r-- | tests/x509/test_x509_ext.py | 9 |
3 files changed, 9 insertions, 6 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index 9c2d763e..f178af07 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -102,7 +102,8 @@ def _decode_general_name(backend, gn): if parsed.hostname: hostname = idna.decode(parsed.hostname) else: - hostname = "" + # There's no IDNA so we can immediately return + return x509.UniformResourceIdentifier(data) if parsed.port: netloc = hostname + u":" + six.text_type(parsed.port) else: diff --git a/src/cryptography/x509/general_name.py b/src/cryptography/x509/general_name.py index 3ad71e4c..768be3bb 100644 --- a/src/cryptography/x509/general_name.py +++ b/src/cryptography/x509/general_name.py @@ -274,7 +274,8 @@ class UniformResourceIdentifier(object): ) parsed = urllib_parse.urlparse(self.bytes_value) if not parsed.hostname: - netloc = "" + # There's no idna here so we can immediately return + return self.bytes_value.decode("utf-8") elif parsed.port: netloc = idna.decode(parsed.hostname) + ":{0}".format(parsed.port) else: diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py index b3ea1f96..929a9380 100644 --- a/tests/x509/test_x509_ext.py +++ b/tests/x509/test_x509_ext.py @@ -1689,10 +1689,11 @@ class TestUniformResourceIdentifier(object): b"gopher://xn--80ato2c.cryptography:70/some/path" ) - def test_empty_string(self): - gn = x509.UniformResourceIdentifier(b"") + def test_empty_hostname(self): + gn = x509.UniformResourceIdentifier(b"ldap:///some-nonsense") + assert gn.bytes_value == b"ldap:///some-nonsense" with pytest.warns(utils.DeprecatedIn21): - assert gn.value == u"" + assert gn.value == "ldap:///some-nonsense" def test_query_and_fragment(self): gn = x509.UniformResourceIdentifier( @@ -3819,7 +3820,7 @@ class TestCRLDistributionPointsExtension(object): assert cdps == x509.CRLDistributionPoints([ x509.DistributionPoint( full_name=[x509.UniformResourceIdentifier( - u"ldap:/CN=A,OU=B,dc=C,DC=D?E?F?G?H=I" + b"ldap:///CN=A,OU=B,dc=C,DC=D?E?F?G?H=I" )], relative_name=None, reasons=None, |