allow multi-valued RDNs (#4616)

RDNs can have multiple values. This allows them in FreshestCRL and upcoming IssuingDistributionPoint encoding support.
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2018-12-01 12:26:54 +0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2018-11-30 23:26:54 -0500
commit: a84c5cdab80730bfe708379d29a2e357541cc00b (patch)
tree: b0c036a7a1e55f7fa7c380538b30f1c07fb34ad1
parent: eb3e2e0d73c86d876d48aa6bde9fcf01c761c98f (diff)
download: cryptography-a84c5cdab80730bfe708379d29a2e357541cc00b.tar.gz
cryptography-a84c5cdab80730bfe708379d29a2e357541cc00b.tar.bz2
cryptography-a84c5cdab80730bfe708379d29a2e357541cc00b.zip
2 files changed, 18 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/encode_asn1.py b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
index 6ff1a9a4..0e92bfce 100644
--- a/src/cryptography/hazmat/backends/openssl/encode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
@@ -114,7 +114,7 @@ def _encode_sk_name_entry(backend, attributes):
     for attribute in attributes:
         name_entry = _encode_name_entry(backend, attribute)
         res = backend._lib.sk_X509_NAME_ENTRY_push(stack, name_entry)
-        backend.openssl_assert(res == 1)
+        backend.openssl_assert(res >= 1)
     return stack
 
 
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py
index 4ce4d958..15cfe43d 100644
--- a/tests/x509/test_x509.py
+++ b/tests/x509/test_x509.py
@@ -2598,6 +2598,23 @@ class TestCertificateBuilder(object):
                     crl_issuer=None,
                 )
             ]),
+            x509.FreshestCRL([
+                x509.DistributionPoint(
+                    full_name=None,
+                    relative_name=x509.RelativeDistinguishedName([
+                        x509.NameAttribute(
+                            NameOID.COMMON_NAME,
+                            u"indirect CRL for indirectCRL CA3"
+                        ),
+                        x509.NameAttribute(
+                            NameOID.COUNTRY_NAME,
+                            u"US"
+                        ),
+                    ]),
+                    reasons=None,
+                    crl_issuer=None,
+                )
+            ]),
         ]
     )
     def test_ext(self, add_ext, backend):
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2018-12-01 12:26:54 +0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2018-11-30 23:26:54 -0500
commit	a84c5cdab80730bfe708379d29a2e357541cc00b (patch)
tree	b0c036a7a1e55f7fa7c380538b30f1c07fb34ad1
parent	eb3e2e0d73c86d876d48aa6bde9fcf01c761c98f (diff)
download	cryptography-a84c5cdab80730bfe708379d29a2e357541cc00b.tar.gz cryptography-a84c5cdab80730bfe708379d29a2e357541cc00b.tar.bz2 cryptography-a84c5cdab80730bfe708379d29a2e357541cc00b.zip