-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py9
-rw-r--r--tests/test_x509_ext.py22
2 files changed, 31 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 3a660d81..23aa95c4 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -14,6 +14,7 @@
from __future__ import absolute_import, division, print_function
import datetime
+import ipaddress
import idna
@@ -94,6 +95,14 @@ def _build_general_name(backend, gn):
elif gn.type == backend._lib.GEN_RID:
oid = _obj2txt(backend, gn.d.registeredID)
return x509.RegisteredID(x509.ObjectIdentifier(oid))
+ elif gn.type == backend._lib.GEN_IPADD:
+ return x509.IPAddress(
+ ipaddress.ip_address(
+ backend._ffi.buffer(
+ gn.d.iPAddress.data, gn.d.iPAddress.length
+ )[:]
+ )
+ )
else:
# otherName, x400Address or ediPartyName
raise x509.UnsupportedGeneralNameType(
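Review bot: The new `GEN_IPADD` branch passes the certificate's raw iPAddress octets to `ipaddress.ip_address()` without checking `gn.d.iPAddress.length`, so a certificate carrying anything other than 4 or 16 bytes surfaces as whatever `ValueError` the ipaddress module raises from inside extension parsing. Since these bytes come from an untrusted certificate, I would read the buffer into a local and validate it first: `data = backend._ffi.buffer(gn.d.iPAddress.data, gn.d.iPAddress.length)[:]` followed by `if len(data) not in (4, 16): raise ValueError("Invalid iPAddress length in GeneralName")`. The explicit check also matters if `_build_general_name` is ever reused for NameConstraints, where RFC 5280 encodes iPAddress as address plus mask (8 or 32 bytes); that reuse is not visible in this hunk. The added `test_ipaddress` in tests/test_x509_ext.py covers only well-formed IPv4 and IPv6 entries, so a fixture with a malformed length would be worth adding alongside it. The body of `_build_general_name` starts and ends outside the hunk.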
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 881dfbfa..5c35c970 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -809,3 +809,25 @@ class TestRSASubjectAlternativeNameExtension(object):
u"lo",
u"http://someregulardomain.com",
]
+
+ def test_ipaddress(self, backend):
+ cert = _load_cert(
+ os.path.join(
+ "x509", "custom", "san_ipaddr.pem"
+ ),
+ x509.load_pem_x509_certificate,
+ backend
+ )
+ ext = cert.extensions.get_extension_for_oid(
+ x509.OID_SUBJECT_ALTERNATIVE_NAME
+ )
+ assert ext is not None
+ assert ext.critical is False
+
+ san = ext.value
+
+ ip = san.get_values_for_type(x509.IPAddress)
+ assert [
+ ipaddress.ip_address(u"127.0.0.1"),
+ ipaddress.ip_address(u"ff::")
+ ] == ip