diff options
-rw-r--r-- | docs/x509.rst | 3 | ||||
-rw-r--r-- | tests/test_x509_ext.py | 11 |
2 files changed, 14 insertions, 0 deletions
diff --git a/docs/x509.rst b/docs/x509.rst index c8505a87..c570f196 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -313,6 +313,9 @@ X.509 Certificate Object :raises cryptography.x509.UnsupportedGeneralNameType: If an extension contains a general name that is not supported. + :raises UnicodeError: If an extension contains IDNA encoding that is + invalid or not compliant with IDNA 2008. + .. doctest:: >>> for ext in cert.extensions: diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py index d3488a9f..20a016b6 100644 --- a/tests/test_x509_ext.py +++ b/tests/test_x509_ext.py @@ -1332,6 +1332,17 @@ class TestRSASubjectAlternativeNameExtension(object): rfc822name = san.get_values_for_type(x509.RFC822Name) assert [u"email@em\xe5\xefl.com"] == rfc822name + def test_idna2003_invalid(self, backend): + cert = _load_cert( + os.path.join( + "x509", "custom", "san_idna2003_dnsname.pem" + ), + x509.load_pem_x509_certificate, + backend + ) + with pytest.raises(UnicodeError): + cert.extensions + def test_unicode_rfc822_name_dns_name_uri(self, backend): cert = _load_cert( os.path.join( |