author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-05-02 20:27:39 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-05-02 20:27:39 -0400 |
commit | 43ffcc267c8d7e35f58db4d8d7262de2bcf5db70 (patch) | |
tree | 5f476d64078130dfd525164106368c8d99fce305 /src | |
parent | b3c81f86f9677e77ff3c42fefeb2c1bc94dd063c (diff) | |
parent | e518faefba934a2bbf2589458170d50a69f9bdfc (diff) | |
Merge pull request #1881 from reaperhulk/san-rfc822name
add support for rfc822name general names
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 7f633c76..4ba66bb7 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -15,6 +15,7 @@ from __future__ import absolute_import, division, print_function
 import datetime
 import ipaddress
+from email.utils import parseaddr
 import idna
@@ -107,6 +108,27 @@ def _build_general_name(backend, gn):
 return x509.DirectoryName(
 _build_x509_name(backend, gn.d.directoryName)
 )
+ elif gn.type == backend._lib.GEN_EMAIL:
+ data = backend._ffi.buffer(
+ gn.d.rfc822Name.data, gn.d.rfc822Name.length
+ )[:].decode("ascii")
+ name, address = parseaddr(data)
+ parts = address.split(u"@")
+ if name or len(parts) > 2 or not address:
+ # parseaddr has found a name (e.g. Name <email>) or the split
+ # has found more than 2 parts (which means more than one @ sign)
+ # or the entire value is an empty string.
+ raise ValueError("Invalid rfc822name value")
+ elif len(parts) == 1:
+ # Single label email name. This is valid for local delivery. No
+ # IDNA decoding can be done since there is no domain component.
+ return x509.RFC822Name(address)
+ else:
+ # A normal email of the form user@domain.com. Let's attempt to
+ # decode the domain component and return the entire address.
+ return x509.RFC822Name(
+ parts[0] + u"@" + idna.decode(parts[1])
+ )
 else:
 # otherName, x400Address or ediPartyName
 raise x509.UnsupportedGeneralNameType( |
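Review bot: The new GEN_EMAIL branch validates what `parseaddr` returns rather than the bytes stored in the certificate, so any input that `parseaddr` quietly normalizes is accepted and returned in a form that differs from the encoded value. `parseaddr` is a lenient RFC 2822 header parser; as far as I can tell, an angle-bracketed address or surrounding whitespace comes back with an empty `name`, so the `if name or ...` check would not reject it. Since callers may use this value for identity matching, I would require an exact round-trip, e.g. `if name or address != data or len(parts) > 2 or not address:`, and add a test covering such inputs. `_build_general_name` begins and ends outside this hunk.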