authorAlex Gaynor <alex.gaynor@gmail.com>2015-04-21 20:28:01 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2015-04-21 20:28:01 -0400
commit7f817d5262084fcb01fc8b8a1a4f9728e7887bff (patch)
tree6bd82c5b68a8f1921a689504e18dd1f23d314d55 /src
parent42363224318ead52cad80604622131d379a767a7 (diff)
parentfda410e06c6b82878f943273b29b55b41217dc74 (diff)
Merge pull request #1855 from reaperhulk/subject-alt-name
Support Subject Alternative Name in the OpenSSL backend
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py28
1 files changed, 28 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 57e6146b..dcde5e73 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -15,6 +15,8 @@ from __future__ import absolute_import, division, print_function
import datetime
+import idna
+
from cryptography import utils, x509
from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.primitives import hashes
@@ -57,6 +59,12 @@ def _build_x509_name(backend, x509_name):
return x509.Name(attributes)
+def _build_general_name(backend, gn):
+ if gn.type == backend._lib.GEN_DNS:
+ data = backend._ffi.buffer(gn.d.dNSName.data, gn.d.dNSName.length)[:]
+ return x509.DNSName(idna.decode(data))
+
+
@utils.register_interface(x509.Certificate)
class _Certificate(object):
def __init__(self, backend, x509):
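Review bot: `_build_general_name` only handles `GEN_DNS`; for any other GeneralName type (IP address, URI, rfc822Name, directoryName) it falls off the end and returns `None`, which `_build_subject_alt_name` later in this diff appends to its list unchanged. Callers doing name checks then see `None` entries rather than a clear signal that the certificate holds names the backend cannot represent, so an explicit final branch that raises would be safer, e.g. `raise ValueError("unsupported GeneralName type: {0}".format(gn.type))` or a dedicated exception type. Reading the value with `gn.d.dNSName.length` keeps embedded NUL bytes instead of truncating at them, which deserves a one-line comment such as `# use the explicit length so embedded NULs are not silently dropped`. `idna.decode` may also raise on wildcard or malformed names taken from an untrusted certificate, so it is worth confirming which exception callers are meant to handle.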
@@ -173,6 +181,8 @@ class _Certificate(object):
value = self._build_subject_key_identifier(ext)
elif oid == x509.OID_KEY_USAGE:
value = self._build_key_usage(ext)
+ elif oid == x509.OID_SUBJECT_ALTERNATIVE_NAME:
+ value = self._build_subject_alt_name(ext)
elif critical:
raise x509.UnsupportedExtension(
"{0} is not currently supported".format(oid), oid
@@ -254,6 +264,24 @@ class _Certificate(object):
decipher_only
)
+ def _build_subject_alt_name(self, ext):
+ gns = self._backend._ffi.cast(
+ "GENERAL_NAMES *", self._backend._lib.X509V3_EXT_d2i(ext)
+ )
+ assert gns != self._backend._ffi.NULL
+ gns = self._backend._ffi.gc(gns, self._backend._lib.GENERAL_NAMES_free)
+ num = self._backend._lib.sk_GENERAL_NAME_num(gns)
+ general_names = []
+
+ for i in range(num):
+ gn = self._backend._lib.sk_GENERAL_NAME_value(gns, i)
+ assert gn != self._backend._ffi.NULL
+ value = _build_general_name(self._backend, gn)
+
+ general_names.append(value)
+
+ return x509.SubjectAlternativeName(general_names)
+
@utils.register_interface(x509.CertificateSigningRequest)
class _CertificateSigningRequest(object):
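Review bot: The two `assert ... != self._backend._ffi.NULL` checks in `_build_subject_alt_name` guard values derived from certificate data, and `assert` statements are stripped under `python -O`. `X509V3_EXT_d2i` returns NULL when the extension body fails to decode, so a malformed subjectAltName either surfaces as a bare `AssertionError` or, with optimisation on, lets NULL reach `sk_GENERAL_NAME_num`. An explicit check such as `if gns == self._backend._ffi.NULL: raise ValueError("unable to parse subjectAltName extension")` gives callers a defined error in both modes. The enclosing `_Certificate` class starts outside this hunk.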