2 files changed, 16 insertions, 1 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 637b28cc..bba407db 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -216,11 +216,20 @@ def _encode_subject_alt_name(backend, san):
                 backend._ffi.NULL, data_ptr_ptr, len(alt_name.value)
             )
             if value == backend._ffi.NULL:
+                backend._consume_errors()
                 raise ValueError("Invalid ASN.1 data")
             other_name.type_id = type_id
             other_name.value = value
             gn.type = backend._lib.GEN_OTHERNAME
             gn.d.otherName = other_name
+        elif isinstance(alt_name, x509.RFC822Name):
+            gn = backend._lib.GENERAL_NAME_new()
+            assert gn != backend._ffi.NULL
+            asn1_str = _encode_asn1_str(
+                backend, alt_name._encoded, len(alt_name._encoded)
+            )
+            gn.type = backend._lib.GEN_EMAIL
+            gn.d.rfc822Name = asn1_str
         else:
             raise NotImplementedError(
                 "Only DNSName and RegisteredID supported right now"
diff --git a/tests/test_x509.py b/tests/test_x509.py
index cb617268..2539be47 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -1008,6 +1008,9 @@ class TestCertificateSigningRequestBuilder(object):
                     type_id=x509.ObjectIdentifier("1.2.3.3.3.3"),
                     value=b"0\x03\x02\x01\x05"
                 ),
+                x509.RFC822Name(u"test@example.com"),
+                x509.RFC822Name(u"email"),
+                x509.RFC822Name(u"email@em\xe5\xefl.com"),
             ]),
             critical=False,
         ).sign(private_key, hashes.SHA256(), backend)
@@ -1034,6 +1037,9 @@ class TestCertificateSigningRequestBuilder(object):
                 type_id=x509.ObjectIdentifier("1.2.3.3.3.3"),
                 value=b"0\x03\x02\x01\x05"
             ),
+            x509.RFC822Name(u"test@example.com"),
+            x509.RFC822Name(u"email"),
+            x509.RFC822Name(u"email@em\xe5\xefl.com"),
         ]
 
     def test_invalid_asn1_othername(self, backend):
@@ -1064,7 +1070,7 @@ class TestCertificateSigningRequestBuilder(object):
             ])
         ).add_extension(
             x509.SubjectAlternativeName([
-                x509.RFC822Name(u"test@example.com"),
+                x509.UniformResourceIdentifier(u"http://test.com"),
             ]),
             critical=False,
         )