diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-05-15 09:01:34 -0700 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-05-18 18:55:29 -0700 |
| commit | b896881ea87c0a019a5e18a507c7c265b259a4d3 (patch) | |
| tree | 9e3b138845027fc339e1a2679988bdd024568f57 | |
| parent | d0a66e7ea409a9a152c6dbc7a85f42ad1cc9148a (diff) | |
| download | cryptography-b896881ea87c0a019a5e18a507c7c265b259a4d3.tar.gz cryptography-b896881ea87c0a019a5e18a507c7c265b259a4d3.tar.bz2 cryptography-b896881ea87c0a019a5e18a507c7c265b259a4d3.zip | |
add test to confirm IDNA2003 is disallowed
document that this is a possible exception
| -rw-r--r-- | docs/x509.rst | 3 | ||||
| -rw-r--r-- | tests/test_x509_ext.py | 11 |
2 files changed, 14 insertions, 0 deletions
diff --git a/docs/x509.rst b/docs/x509.rst index c8505a87..c570f196 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -313,6 +313,9 @@ X.509 Certificate Object :raises cryptography.x509.UnsupportedGeneralNameType: If an extension contains a general name that is not supported. + :raises UnicodeError: If an extension contains IDNA encoding that is + invalid or not compliant with IDNA 2008. + .. doctest:: >>> for ext in cert.extensions: diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index d3488a9f..20a016b6 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1332,6 +1332,17 @@ class TestRSASubjectAlternativeNameExtension(object): rfc822name = san.get_values_for_type(x509.RFC822Name) assert [u"email@em\xe5\xefl.com"] == rfc822name + def test_idna2003_invalid(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "san_idna2003_dnsname.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + with pytest.raises(UnicodeError): + cert.extensions + def test_unicode_rfc822_name_dns_name_uri(self, backend): cert = _load_cert( os.path.join( |