diff options
| author | Ian Cordasco <graffatcolmingov@gmail.com> | 2015-07-19 10:05:40 -0500 |
|---|---|---|
| committer | Ian Cordasco <graffatcolmingov@gmail.com> | 2015-07-19 10:05:40 -0500 |
| commit | e8fd93c2083281395984abe4e49c63958427d918 (patch) | |
| tree | 853fde9b7cfcad9b1afc56431b97fa9d8e540dda | |
| parent | 43ae7387cc20b70ea71e262813d2d24af99f0b08 (diff) | |
| download | cryptography-e8fd93c2083281395984abe4e49c63958427d918.tar.gz cryptography-e8fd93c2083281395984abe4e49c63958427d918.tar.bz2 cryptography-e8fd93c2083281395984abe4e49c63958427d918.zip | |
Construct extensions like a CSR
- Use _encode_basic_constraints appropriately
- Create an appropriate object from the oid dotted string
- Create the X509 Extension appropriately
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 1c912e6c..5b9f0759 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1043,14 +1043,17 @@ class Backend(object): # Add extensions. for i, extension in enumerate(builder._extensions): if isinstance(extension.value, x509.BasicConstraints): - extension = _encode_basic_constraints( - self, - extension.value.ca, - extension.value.path_length, - extension.critical - ) + pp, r = _encode_basic_constraints(self, extension.value) else: raise ValueError('Extension not yet supported.') + + obj = _txt2obj(self, extension.oid.dotted_string) + extension = self._lib.X509_EXTENSION_create_by_OBJ( + self._ffi.NULL, + obj, + 1 if extension.critical else 0, + _encode_asn1_str_gc(self, pp[0], r) + ) res = self._lib.X509_add_ext(x509_cert, extension, i) assert res == 1 |