authorAlex Gaynor <alex.gaynor@gmail.com>2015-06-28 11:03:37 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2015-06-28 11:03:37 -0400
commit6eeb877becb90f1a8209a8ac4db96e9b440265a6 (patch)
tree03e042da354e313432be29f974b3c148c3697b27 /src
parentd3e84164d9932782beebfb997615bca6f6d30a8b (diff)
Clean up code and fix.
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py54
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py2
2 files changed, 20 insertions, 36 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index c2a3dc2d..22179607 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -115,9 +115,7 @@ def _txt2obj(backend, name):
return obj
-def _encode_basic_constraints(backend, basic_constraints, critical):
- obj = _txt2obj(backend, x509.OID_BASIC_CONSTRAINTS.dotted_string)
- assert obj is not None
+def _encode_basic_constraints(backend, basic_constraints):
constraints = backend._lib.BASIC_CONSTRAINTS_new()
constraints.ca = 255 if basic_constraints.ca else 0
if basic_constraints.ca:
@@ -132,24 +130,10 @@ def _encode_basic_constraints(backend, basic_constraints, critical):
pp = backend._ffi.gc(
pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
)
-
- # Wrap that in an X509 extension object.
- extension = backend._lib.X509_EXTENSION_create_by_OBJ(
- backend._ffi.NULL,
- obj,
- 1 if critical else 0,
- _encode_asn1_str(backend, pp[0], r),
- )
- assert extension != backend._ffi.NULL
-
- # Return the wrapped extension.
- return extension
+ return pp, r
-def _encode_subject_alt_name(backend, san, critical):
- obj = _txt2obj(backend, x509.OID_SUBJECT_ALTERNATIVE_NAME.dotted_string)
- assert obj is not None
-
+def _encode_subject_alt_name(backend, san):
general_names = backend._lib.GENERAL_NAMES_new()
assert general_names != backend._ffi.NULL
# TODO: GC
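Review bot: `_encode_basic_constraints` now ends in `return pp, r` with no docstring, and the return contract matters for memory safety. `pp` is wrapped in `backend._ffi.gc(...)` with a destructor that calls `OPENSSL_free(pointer[0])`, so the buffer behind `pp[0]` is released once `pp` is collected, and a caller that holds only `pp[0]` would be left with a dangling pointer. I would add a docstring along the lines of `"""Return (pp, r): a gc-managed pointer to the encoded buffer and, presumably, its length; keep pp referenced for as long as pp[0] is in use."""`. The same applies to `_encode_subject_alt_name`, whose `return pp, r` is in the next hunk. Both function bodies start outside the visible hunks, so how `r` is validated cannot be seen here.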
@@ -176,15 +160,7 @@ def _encode_subject_alt_name(backend, san, critical):
pp = backend._ffi.gc(
pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
)
-
- extension = backend._lib.X509_EXTENSION_create_by_OBJ(
- backend._ffi.NULL,
- obj,
- 1 if critical else 0,
- _encode_asn1_str(backend, pp[0], r)
- )
- assert extension != backend._ffi.NULL
- return extension
+ return pp, r
@utils.register_interface(CipherBackend)
@@ -893,19 +869,25 @@ class Backend(object):
)
for extension in builder._extensions:
if isinstance(extension.value, x509.BasicConstraints):
- extension = _encode_basic_constraints(
- self,
- extension.value,
- extension.critical
+ pp, r = _encode_basic_constraints(
+ self, extension.value,
)
elif isinstance(extension.value, x509.SubjectAlternativeName):
- extension = _encode_subject_alt_name(
- self,
- extension.value,
- extension.critical,
+ pp, r = _encode_subject_alt_name(
+ self, extension.value,
)
else:
raise NotImplementedError('Extension not yet supported.')
+
+ obj = _txt2obj(self, extension.oid.dotted_string)
+ extension = backend._lib.X509_EXTENSION_create_by_OBJ(
+ backend._ffi.NULL,
+ obj,
+ 1 if extension.critical else 0,
+ _encode_asn1_str(backend, pp[0], r)
+ )
+ assert extension != backend._ffi.NULL
+
res = self._lib.sk_X509_EXTENSION_push(extensions, extension)
assert res == 1
res = self._lib.X509_REQ_add_extensions(x509_req, extensions)
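Review bot: The block added after the `else:` branch refers to `backend._lib`, `backend._ffi` and `_encode_asn1_str(backend, ...)`, although this is a method of `Backend` and every surrounding line uses `self`. Unless a module-level `backend` happens to exist this raises `NameError`, and if one does exist the method silently operates on that global rather than the instance it was called on. The hunk also drops the `assert obj is not None` that both helpers had after `_txt2obj`; unless `_txt2obj` checks this itself (only its `return obj` is visible), a failed OID lookup would now reach `X509_EXTENSION_create_by_OBJ` unchecked. These checks are `assert`s, so they disappear under `python -O`, and an explicit raise would be more robust for NULL results from OpenSSL. The enclosing method starts and ends outside this hunk.

```python
# … unchanged: isinstance dispatch that produces pp, r …
obj = _txt2obj(self, extension.oid.dotted_string)
assert obj is not None
extension = self._lib.X509_EXTENSION_create_by_OBJ(
    self._ffi.NULL,
    obj,
    1 if extension.critical else 0,
    _encode_asn1_str(self, pp[0], r)
)
assert extension != self._ffi.NULL
# … unchanged: sk_X509_EXTENSION_push and X509_REQ_add_extensions …
```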
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 8e361fa2..b387b9ee 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -720,6 +720,8 @@ class _CertificateSigningRequest(object):
)
elif oid == x509.OID_BASIC_CONSTRAINTS:
value = _decode_basic_constraints(self._backend, ext)
+ elif oid == x509.OID_SUBJECT_ALTERNATIVE_NAME:
+ value = _decode_subject_alt_name(self._backend, ext)
elif critical:
raise x509.UnsupportedExtension(
"{0} is not currently supported".format(oid), oid