diff options
| -rw-r--r-- | src/cryptography/x509.py | 4 | ||||
| -rw-r--r-- | tests/test_x509.py | 12 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 668bc2ef..a091cd78 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -1472,6 +1472,10 @@ class CertificateSigningRequestBuilder(object): extension = Extension( OID_SUBJECT_ALTERNATIVE_NAME, critical, extension ) + elif isinstance(extension, KeyUsage): + extension = Extension( + OID_KEY_USAGE, critical, extension + ) else: raise NotImplementedError('Unsupported X.509 extension.') # TODO: This is quadratic in the number of extensions diff --git a/tests/test_x509.py b/tests/test_x509.py index 64a59237..133f0535 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -864,7 +864,17 @@ class TestCertificateSigningRequestBuilder(object): x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), ]) ).add_extension( - x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]), + x509.KeyUsage( + digital_signature=True, + content_commitment=True, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=True, + crl_sign=False, + encipher_only=False, + decipher_only=False + ), critical=False, ) with pytest.raises(NotImplementedError): |