diff options
| author | Manoel Domingues Junior <mdjunior@users.noreply.github.com> | 2015-10-01 14:45:48 -0300 |
|---|---|---|
| committer | Manoel Domingues Junior <mdjunior@users.noreply.github.com> | 2015-10-01 14:45:48 -0300 |
| commit | 0e94257d4396a16efe8ff3170886b80489ea94f8 (patch) | |
| tree | 1f9264add210626f05198c4f32d816116d761f24 /src | |
| parent | 61b2f05da921891c588af45b6ab65abbdfe12f8f (diff) | |
| download | cryptography-0e94257d4396a16efe8ff3170886b80489ea94f8.tar.gz cryptography-0e94257d4396a16efe8ff3170886b80489ea94f8.tar.bz2 cryptography-0e94257d4396a16efe8ff3170886b80489ea94f8.zip | |
Handling path_length when ca is True
Using CertificateBuilder:
builder = builder.add_extension(x509.BasicConstraints(ca=True,path_length=None), critical=True) return TypeError in line 792 because None can't be converted to hex.
In https://tools.ietf.org/html/rfc5280.html#section-4.2.1.9: CAs MUST NOT include the pathLenConstraint field unless the cA boolean is asserted and the key usage extension asserts the keyCertSign bit.
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index d30bfc29..715624bf 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -235,7 +235,7 @@ def _encode_basic_constraints(backend, basic_constraints): constraints, backend._lib.BASIC_CONSTRAINTS_free ) constraints.ca = 255 if basic_constraints.ca else 0 - if basic_constraints.ca: + if basic_constraints.ca and basic_constraints.path_length != None: constraints.pathlen = _encode_asn1_int( backend, basic_constraints.path_length ) |