aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-01 21:07:37 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-07-10 11:11:19 -0500
commita72ebaf84b9f41dcd9535ce9481ecc1966a7a930 (patch)
tree98a87d0ce87feea26171a09730ad340a486745c3 /src
parentcfb8aa2f39095d33d19b17123aed065dd5e9efd3 (diff)
downloadcryptography-a72ebaf84b9f41dcd9535ce9481ecc1966a7a930.tar.gz
cryptography-a72ebaf84b9f41dcd9535ce9481ecc1966a7a930.tar.bz2
cryptography-a72ebaf84b9f41dcd9535ce9481ecc1966a7a930.zip
simplify and handle /32 and /128
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index c2a32b2a..0aa2e2da 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -154,10 +154,14 @@ def _decode_general_name(backend, gn):
# find the first 0 bit, which will be the prefix. If another 1
# bit is present after that the netmask is invalid.
base = ipaddress.ip_address(data[:data_len // 2])
- netmask = utils.int_from_bytes(data[data_len // 2:], 'big')
- bits = bin(netmask)[2:]
+ netmask = ipaddress.ip_address(data[data_len // 2:])
+ bits = bin(int(netmask))[2:]
prefix = bits.find('0')
- if bits[prefix:].find('1') != -1:
+ # If no 0 bits are found it is a /32 or /128
+ if prefix == -1:
+ prefix = len(bits)
+
+ if b"1" in bits[prefix:]:
raise ValueError("Invalid netmask")
ip = ipaddress.ip_network(base.exploded + u"/{0}".format(prefix))
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-04 20:12:06 +0000