aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2016-03-14 22:24:58 -0400
committerPaul Kehrer <paul.l.kehrer@gmail.com>2016-03-14 22:24:58 -0400
commit9d7196d7f8a45667b27ae0d7378d7486b60c9229 (patch)
tree39115367a69165310f08b97045ca24020da92512 /src
parente8d6a9c262950b8dd6f7671b61383e8c5fe396f7 (diff)
parentb2729914013900c276d559165e479896649a1b5c (diff)
downloadcryptography-9d7196d7f8a45667b27ae0d7378d7486b60c9229.tar.gz
cryptography-9d7196d7f8a45667b27ae0d7378d7486b60c9229.tar.bz2
cryptography-9d7196d7f8a45667b27ae0d7378d7486b60c9229.zip
Merge pull request #2828 from alex/unreocgnized-extension
Fixed #2747 -- allow creating x509 exts with unknown extensions
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py47
1 files changed, 32 insertions, 15 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index c6ede932..5ce2489c 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -31,8 +31,7 @@ from cryptography.hazmat.backends.openssl.ec import (
from cryptography.hazmat.backends.openssl.encode_asn1 import (
_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
_CRL_EXTENSION_ENCODE_HANDLERS, _EXTENSION_ENCODE_HANDLERS,
- _encode_asn1_int_gc, _encode_asn1_str_gc, _encode_name_gc,
- _txt2obj_gc,
+ _encode_asn1_int_gc, _encode_asn1_str_gc, _encode_name_gc, _txt2obj_gc,
)
from cryptography.hazmat.backends.openssl.hashes import _HashContext
from cryptography.hazmat.backends.openssl.hmac import _HMACContext
@@ -968,6 +967,31 @@ class Backend(object):
def _create_x509_extensions(self, extensions, handlers, x509_obj,
add_func, gc):
for i, extension in enumerate(extensions):
+ x509_extension = self._create_x509_extension(
+ handlers, extension
+ )
+ self.openssl_assert(x509_extension != self._ffi.NULL)
+
+ if gc:
+ x509_extension = self._ffi.gc(
+ x509_extension, self._lib.X509_EXTENSION_free
+ )
+ res = add_func(x509_obj, x509_extension, i)
+ self.openssl_assert(res >= 1)
+
+ def _create_x509_extension(self, handlers, extension):
+ if isinstance(extension.value, x509.UnrecognizedExtension):
+ obj = _txt2obj_gc(self, extension.oid.dotted_string)
+ value = _encode_asn1_str_gc(
+ self, extension.value.value, len(extension.value.value)
+ )
+ return self._lib.X509_EXTENSION_create_by_OBJ(
+ self._ffi.NULL,
+ obj,
+ 1 if extension.critical else 0,
+ value
+ )
+ else:
try:
encode = handlers[extension.oid]
except KeyError:
@@ -987,32 +1011,25 @@ class Backend(object):
x509_extension == self._ffi.NULL and
extension.oid == x509.OID_CERTIFICATE_ISSUER
):
- # This path exists to support OpenSSL 0.9.8, which does
- # not know how to encode a CERTIFICATE_ISSUER for CRLs. Once we
+ # This path exists to support OpenSSL 0.9.8, which does not
+ # know how to encode a CERTIFICATE_ISSUER for CRLs. Once we
# drop 0.9.8 support we can remove this.
self._consume_errors()
pp = backend._ffi.new("unsigned char **")
r = self._lib.i2d_GENERAL_NAMES(ext_struct, pp)
backend.openssl_assert(r > 0)
pp = backend._ffi.gc(
- pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
+ pp,
+ lambda pointer: backend._lib.OPENSSL_free(pointer[0])
)
obj = _txt2obj_gc(self, extension.oid.dotted_string)
- x509_extension = self._lib.X509_EXTENSION_create_by_OBJ(
+ return self._lib.X509_EXTENSION_create_by_OBJ(
self._ffi.NULL,
obj,
1 if extension.critical else 0,
_encode_asn1_str_gc(self, pp[0], r)
)
-
- self.openssl_assert(x509_extension != self._ffi.NULL)
-
- if gc:
- x509_extension = self._ffi.gc(
- x509_extension, self._lib.X509_EXTENSION_free
- )
- res = add_func(x509_obj, x509_extension, i)
- self.openssl_assert(res >= 1)
+ return x509_extension
def create_x509_revoked_certificate(self, builder):
if not isinstance(builder, x509.RevokedCertificateBuilder):
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-05 12:18:50 +0000