diff options
author | Dominic Chen <d.c.ddcc@gmail.com> | 2015-10-09 00:23:07 -0400 |
---|---|---|
committer | Dominic Chen <d.c.ddcc@gmail.com> | 2015-10-10 05:15:46 +0000 |
commit | 87bb9579202ba94df593ae197fd85c22ac1a023c (patch) | |
tree | 8b51772757633cc31528d7187277124146291f2c /tests/test_x509_ext.py | |
parent | 450d9797a2320f85aff317e5cab39cc2339eabec (diff) | |
download | cryptography-87bb9579202ba94df593ae197fd85c22ac1a023c.tar.gz cryptography-87bb9579202ba94df593ae197fd85c22ac1a023c.tar.bz2 cryptography-87bb9579202ba94df593ae197fd85c22ac1a023c.zip |
fix to handle malformed certificates without hostname
Diffstat (limited to 'tests/test_x509_ext.py')
-rw-r--r-- | tests/test_x509_ext.py | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index 85373973..1bc14620 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1555,6 +1555,21 @@ class TestRSASubjectAlternativeNameExtension(object): u'saseliminator.com' ] + def test_san_empty_hostname(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "san_empty_hostname.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + san = cert.extensions.get_extension_for_oid( + ExtensionOID.SUBJECT_ALTERNATIVE_NAME + ) + + dns = san.value.get_values_for_type(x509.DNSName) + assert dns == [u''] + def test_san_wildcard_idna_dns_name(self, backend): cert = _load_cert( os.path.join("x509", "custom", "san_wildcard_idna.pem"), @@ -2903,6 +2918,30 @@ class TestCRLDistributionPointsExtension(object): ) ]) + def test_crl_empty_hostname(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "cdp_empty_hostname.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + + cdps = cert.extensions.get_extension_for_oid( + ExtensionOID.CRL_DISTRIBUTION_POINTS + ).value + + assert cdps == x509.CRLDistributionPoints([ + x509.DistributionPoint( + full_name=[x509.UniformResourceIdentifier( + u"ldap:/CN=A,OU=B,dc=C,DC=D?E?F?G?H=I" + )], + relative_name=None, + reasons=None, + crl_issuer=None + ) + ]) + @pytest.mark.requires_backend_interface(interface=RSABackend) @pytest.mark.requires_backend_interface(interface=X509Backend) |