diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-11 23:40:12 -0400 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-12 09:12:02 -0400 |
| commit | ab973321f6012626e63420603c34e2975f42f237 (patch) | |
| tree | dc42bb4e6f69a5a0b6cdcfe5da20b001566764bf | |
| parent | 5c66c183913b1f94930100bd0543b8533584a761 (diff) | |
| download | cryptography-ab973321f6012626e63420603c34e2975f42f237.tar.gz cryptography-ab973321f6012626e63420603c34e2975f42f237.tar.bz2 cryptography-ab973321f6012626e63420603c34e2975f42f237.zip | |
raise type error rather than internalerror w/ unsupported asn1 in subject
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/decode_asn1.py | 6 | ||||
| -rw-r--r-- | tests/test_x509.py | 12 |
2 files changed, 17 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index 140d3de4..67586c22 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -709,7 +709,11 @@ def _asn1_string_to_ascii(backend, asn1_string): def _asn1_string_to_utf8(backend, asn1_string): buf = backend._ffi.new("unsigned char **") res = backend._lib.ASN1_STRING_to_UTF8(buf, asn1_string) - backend.openssl_assert(res >= 0) + if res == -1: + raise TypeError( + "Unsupported ASN1 string type. Type: {0}".format(asn1_string.type) + ) + backend.openssl_assert(buf[0] != backend._ffi.NULL) buf = backend._ffi.gc( buf, lambda buffer: backend._lib.OPENSSL_free(buffer[0]) diff --git a/tests/test_x509.py b/tests/test_x509.py index c042169c..8a801f2d 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -3157,6 +3157,18 @@ class TestDSACertificateRequest(object): verifier.verify() +@pytest.mark.requires_backend_interface(interface=X509Backend) +class TestGOSTCertificate(object): + def test_numeric_string_x509_name_entry(self, backend): + cert = _load_cert( + os.path.join("x509", "e-trust.ru.der"), + x509.load_der_x509_certificate, + backend + ) + with pytest.raises(TypeError): + cert.subject + + @pytest.mark.requires_backend_interface(interface=EllipticCurveBackend) @pytest.mark.requires_backend_interface(interface=X509Backend) class TestECDSACertificate(object): |