aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorAlex Gaynor <alex.gaynor@gmail.com>2017-05-25 21:11:09 -0400
committerPaul Kehrer <paul.l.kehrer@gmail.com>2017-05-25 20:11:09 -0500
commit978a5e96473c2ce877151fa4e24917bac92ddaa8 (patch)
tree84813a8a8567a732e7f494f562bbe05d3d8df273 /src
parentfebbfb36a17d42a927a4ac7d5e53a80d9b8e6fdb (diff)
downloadcryptography-978a5e96473c2ce877151fa4e24917bac92ddaa8.tar.gz
cryptography-978a5e96473c2ce877151fa4e24917bac92ddaa8.tar.bz2
cryptography-978a5e96473c2ce877151fa4e24917bac92ddaa8.zip
jurisdictionCountryName also must be PrintableString (#3516)
* jurisdictionCountryName also must be PrintableString * flake8 + citation * Write a test, which fails. If my analysis is correct, this is blocked on: https://github.com/openssl/openssl/pull/3284 * This is only true on 1.1.0 * clearly express the version requirement
Diffstat (limited to 'src')
-rw-r--r--src/_cffi_src/openssl/cryptography.py7
-rw-r--r--src/cryptography/hazmat/backends/openssl/encode_asn1.py7
2 files changed, 11 insertions, 3 deletions
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
index aa01c833..fe5055f1 100644
--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -27,8 +27,12 @@ INCLUDES = """
#define CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x10002002 && !CRYPTOGRAPHY_IS_LIBRESSL)
+#define CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER \
+ (OPENSSL_VERSION_NUMBER >= 0x100020cf && !CRYPTOGRAPHY_IS_LIBRESSL)
#define CRYPTOGRAPHY_OPENSSL_110_OR_GREATER \
(OPENSSL_VERSION_NUMBER >= 0x10100000 && !CRYPTOGRAPHY_IS_LIBRESSL)
+#define CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER \
+ (OPENSSL_VERSION_NUMBER >= 0x1010006f && !CRYPTOGRAPHY_IS_LIBRESSL)
#define CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 \
(OPENSSL_VERSION_NUMBER < 0x10002000 || CRYPTOGRAPHY_IS_LIBRESSL)
@@ -47,10 +51,11 @@ INCLUDES = """
"""
TYPES = """
+static const int CRYPTOGRAPHY_OPENSSL_102L_OR_GREATER;
static const int CRYPTOGRAPHY_OPENSSL_110_OR_GREATER;
+static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER;
static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I;
-
static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102;
static const int CRYPTOGRAPHY_IS_LIBRESSL;
diff --git a/src/cryptography/hazmat/backends/openssl/encode_asn1.py b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
index 3b784861..dc1f61a0 100644
--- a/src/cryptography/hazmat/backends/openssl/encode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/encode_asn1.py
@@ -120,9 +120,12 @@ def _encode_sk_name_entry(backend, attributes):
def _encode_name_entry(backend, attribute):
value = attribute.value.encode('utf8')
obj = _txt2obj_gc(backend, attribute.oid.dotted_string)
- if attribute.oid == NameOID.COUNTRY_NAME:
+ if attribute.oid in [
+ NameOID.COUNTRY_NAME, NameOID.JURISDICTION_COUNTRY_NAME
+ ]:
# Per RFC5280 Appendix A.1 countryName should be encoded as
- # PrintableString, not UTF8String
+ # PrintableString, not UTF8String. EV Guidelines section 9.2.5 says
+ # jurisdictionCountryName follows the same rules as countryName.
type = backend._lib.MBSTRING_ASC
else:
type = backend._lib.MBSTRING_UTF8
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-04 08:45:08 +0000