-rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 9 | ||||
-rw-r--r-- | tests/test_x509.py | 12 |
2 files changed, 21 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index d6493778..194f295c 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -171,6 +171,15 @@ def _encode_subject_alt_name(backend, san):
 )
 assert obj != backend._ffi.NULL
 gn.d.registeredID = obj
+ elif isinstance(alt_name, x509.DirectoryName):
+ gn = backend._lib.GENERAL_NAME_new()
+ assert gn != backend._ffi.NULL
+ name = _encode_name(backend, alt_name.value)
+ # _encode_name registers the X509_NAME for gc so we'll duplicate
+ # a new one that is not gc'd for the struct
+ name = backend._lib.X509_NAME_dup(name)
+ gn.type = backend._lib.GEN_DIRNAME
+ gn.d.directoryName = name
 else:
 raise NotImplementedError(
 "Only DNSName and RegisteredID supported right now"
diff --git a/tests/test_x509.py b/tests/test_x509.py
index ccb24d7f..00d36909 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -975,6 +975,12 @@ class TestCertificateSigningRequestBuilder(object):
 x509.DNSName(u"example.com"),
 x509.DNSName(u"*.example.com"),
 x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
+ x509.DirectoryName(x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ )
+ ])),
 ]),
 critical=False,
 ).sign(private_key, hashes.SHA256(), backend)
@@ -989,6 +995,12 @@ class TestCertificateSigningRequestBuilder(object):
 x509.DNSName(u"example.com"),
 x509.DNSName(u"*.example.com"),
 x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
+ x509.DirectoryName(x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ ),
+ ])),
 ]

 def test_subject_alt_name_unsupported_general_name(self, backend):
|
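Review bot: The pointer returned by `X509_NAME_dup` in the new `DirectoryName` branch is stored in `gn.d.directoryName` without a NULL check, although the `GENERAL_NAME_new()` result a few lines earlier is checked. If the duplicate fails, a `GEN_DIRNAME` entry carrying a NULL name would be handed to the later encoding step; add `assert name != backend._ffi.NULL` directly after the dup, in the same style as the surrounding checks. The message in the `else` branch still reads "Only DNSName and RegisteredID supported right now", which is stale once DirectoryName is accepted and should name all three types. `_encode_subject_alt_name` begins and ends outside the hunk, so how `gn` is released on an error path cannot be judged from here.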