diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-22 16:29:48 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-22 16:29:48 -0500 |
commit | 4b4efb606a0dc98b52c4abce9977fe03a80f98b6 (patch) | |
tree | 4c2530f19d4cf078345529a23362d1fc9bab51dd /src | |
parent | c12acccca5608033be30a04a197d234e2233220c (diff) | |
download | cryptography-4b4efb606a0dc98b52c4abce9977fe03a80f98b6.tar.gz cryptography-4b4efb606a0dc98b52c4abce9977fe03a80f98b6.tar.bz2 cryptography-4b4efb606a0dc98b52c4abce9977fe03a80f98b6.zip |
set the default stringmask to utf8
This corrects a problem where older OpenSSL versions don't do this by
default. fixes #2291
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 9eae69c7..8c4abcd6 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -521,6 +521,12 @@ class Backend(object): self._ffi = self._binding.ffi self._lib = self._binding.lib + # Set the default string mask for encoding ASN1 strings to UTF8. This + # is the default for newer OpenSSLs for several years and is + # recommended in RFC 2459. + res = self._lib.ASN1_STRING_set_default_mask_asc(b"utf8only") + assert res == 1 + self._binding.init_static_locks() # adds all ciphers/digests for EVP |