authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-12-26 18:09:52 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-12-27 11:22:16 -0600
commit9d345312d5ff22cd40d2359dc1765170badf42ea (patch)
treec09c007cd5ae3bb50f58255fc1d15c645b7860df /src
parentd5d0a3102b609907f2dfadad8e0da10374475697 (diff)
Support EC and DSA signing of CRLs in the OpenSSL backend
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py21
1 files changed, 11 insertions, 10 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 38fe0772..e8b0322e 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1453,16 +1453,17 @@ class Backend(object):
if not isinstance(algorithm, hashes.HashAlgorithm):
raise TypeError('Algorithm must be a registered hash algorithm.')
- if isinstance(private_key, _DSAPrivateKey):
- raise NotImplementedError(
- "CRL signatures aren't implemented for DSA"
- " keys at this time."
- )
- if isinstance(private_key, _EllipticCurvePrivateKey):
- raise NotImplementedError(
- "CRL signatures aren't implemented for EC"
- " keys at this time."
- )
+ if self._lib.OPENSSL_VERSION_NUMBER <= 0x10001000:
+ if isinstance(private_key, _DSAPrivateKey):
+ raise NotImplementedError(
+ "CRL signatures aren't implemented for DSA"
+ " keys on OpenSSL versions less than 1.0.1."
+ )
+ if isinstance(private_key, _EllipticCurvePrivateKey):
+ raise NotImplementedError(
+ "CRL signatures aren't implemented for EC"
+ " keys on OpenSSL versions less than 1.0.1."
+ )
evp_md = self._lib.EVP_get_digestbyname(
algorithm.name.encode('ascii')
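Review bot: The new guard `if self._lib.OPENSSL_VERSION_NUMBER <= 0x10001000:` compares against a bare hex literal with no explanation, and its `<=` does not literally match the two messages, which say "less than 1.0.1". In OpenSSL's MNNFFPPS encoding `0x10001000` is the 1.0.1 development value, so the check also rejects 1.0.1-dev builds while the 1.0.1 release (`0x1000100f`) passes. A comment above the guard would make that intent reviewable, for example `# 0x10001000 is 1.0.1-dev (MNNFFPPS); releases >= 1.0.1 can sign CRLs with DSA/EC keys`. If `OPENSSL_VERSION_NUMBER` is the compile-time header macro rather than the version of the library loaded at runtime, a build linked against an older shared library would slip past this check; that cannot be judged from the hunk. The enclosing method starts and ends outside the hunk.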