Merge pull request #2118 from reaperhulk/support-rid-encoding

support registeredID general name encoding
author: Alex Gaynor <alex.gaynor@gmail.com> 2015-07-06 06:36:33 -0400
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-07-06 06:36:33 -0400
commit: ad8f19d1f4210f010aa275b2d63242cf98475c2b (patch)
tree: 732ba2ce9d3884155e80cd7e6d160be759badabe
parent: 5b57cbfbd735604a9589cb0cf8950ec858b94f7d (diff)
parent: a9e5a21b7fba1acf82fd2c437a7faf888078b9cc (diff)
download: cryptography-ad8f19d1f4210f010aa275b2d63242cf98475c2b.tar.gz
cryptography-ad8f19d1f4210f010aa275b2d63242cf98475c2b.tar.bz2
cryptography-ad8f19d1f4210f010aa275b2d63242cf98475c2b.zip
2 files changed, 14 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index bbec6185..d6493778 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -162,8 +162,19 @@ def _encode_subject_alt_name(backend, san):
             res = backend._lib.ASN1_STRING_set(ia5, value, len(value))
             assert res == 1
             gn.d.dNSName = ia5
+        elif isinstance(alt_name, x509.RegisteredID):
+            gn = backend._lib.GENERAL_NAME_new()
+            assert gn != backend._ffi.NULL
+            gn.type = backend._lib.GEN_RID
+            obj = backend._lib.OBJ_txt2obj(
+                alt_name.value.dotted_string.encode('ascii'), 1
+            )
+            assert obj != backend._ffi.NULL
+            gn.d.registeredID = obj
         else:
-            raise NotImplementedError("Only DNSNames are supported right now")
+            raise NotImplementedError(
+                "Only DNSName and RegisteredID supported right now"
+            )
 
         res = backend._lib.sk_GENERAL_NAME_push(general_names, gn)
         assert res != 0
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 78552978..90b3fe5f 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -922,6 +922,7 @@ class TestCertificateSigningRequestBuilder(object):
             x509.SubjectAlternativeName([
                 x509.DNSName(u"example.com"),
                 x509.DNSName(u"*.example.com"),
+                x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
             ]),
             critical=False,
         ).sign(private_key, hashes.SHA256(), backend)
@@ -935,6 +936,7 @@ class TestCertificateSigningRequestBuilder(object):
         assert list(ext.value) == [
             x509.DNSName(u"example.com"),
             x509.DNSName(u"*.example.com"),
+            x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
         ]
 
     def test_subject_alt_name_unsupported_general_name(self, backend):
author	Alex Gaynor <alex.gaynor@gmail.com>	2015-07-06 06:36:33 -0400
committer	Alex Gaynor <alex.gaynor@gmail.com>	2015-07-06 06:36:33 -0400
commit	ad8f19d1f4210f010aa275b2d63242cf98475c2b (patch)
tree	732ba2ce9d3884155e80cd7e6d160be759badabe
parent	5b57cbfbd735604a9589cb0cf8950ec858b94f7d (diff)
parent	a9e5a21b7fba1acf82fd2c437a7faf888078b9cc (diff)
download	cryptography-ad8f19d1f4210f010aa275b2d63242cf98475c2b.tar.gz cryptography-ad8f19d1f4210f010aa275b2d63242cf98475c2b.tar.bz2 cryptography-ad8f19d1f4210f010aa275b2d63242cf98475c2b.zip