diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-04-21 20:39:29 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-04-21 20:39:29 -0400 |
commit | e37ca984fcf093f4382eb3f19abf10b0862600da (patch) | |
tree | 18e6bb37bcb14639d0e533603d10d11792567978 | |
parent | 7f817d5262084fcb01fc8b8a1a4f9728e7887bff (diff) | |
parent | d04b39b253916223e9dd99831586822a4f9a2fc1 (diff) | |
download | cryptography-e37ca984fcf093f4382eb3f19abf10b0862600da.tar.gz cryptography-e37ca984fcf093f4382eb3f19abf10b0862600da.tar.bz2 cryptography-e37ca984fcf093f4382eb3f19abf10b0862600da.zip |
Merge pull request #1857 from reaperhulk/san-check-list-elements
add a check to require that the list passed to SAN is all general names
-rw-r--r-- | src/cryptography/x509.py | 6 | ||||
-rw-r--r-- | tests/test_x509_ext.py | 6 |
2 files changed, 12 insertions, 0 deletions
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index cdc0e430..898ab6c7 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -542,6 +542,12 @@ class IPAddress(object): class SubjectAlternativeName(object): def __init__(self, general_names): + if not all(isinstance(x, GeneralName) for x in general_names): + raise TypeError( + "Every item in the general_names list must be an " + "object conforming to the GeneralName interface" + ) + self._general_names = general_names def __iter__(self): diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 2fa659ef..a7e04156 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -721,6 +721,12 @@ class TestSubjectAlternativeName(object): x509.DNSName(six.u("crypto.local")), ] + def test_invalid_general_names(self): + with pytest.raises(TypeError): + x509.SubjectAlternativeName( + [x509.DNSName(six.u("cryptography.io")), "invalid"] + ) + def test_repr(self): san = x509.SubjectAlternativeName( [ |