-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py18
-rw-r--r--tests/test_x509.py12
2 files changed, 28 insertions, 2 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index d6493778..af675116 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -89,8 +89,10 @@ def _encode_asn1_str(backend, data, length):
def _encode_name(backend, attributes):
+ """
+ The X509_NAME created will not be gc'd. Use _encode_name_gc if needed.
+ """
subject = backend._lib.X509_NAME_new()
- subject = backend._ffi.gc(subject, backend._lib.X509_NAME_free)
for attribute in attributes:
value = attribute.value.encode('utf8')
obj = _txt2obj(backend, attribute.oid.dotted_string)
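Review bot: With the `backend._ffi.gc(subject, backend._lib.X509_NAME_free)` line removed, nothing owns the new `X509_NAME` while the `for attribute in attributes` loop runs, so any exception raised there (an encoding error, or a failed assertion in `_txt2obj`) leaks the allocation. Wrapping the loop in `try`/`except`, calling `backend._lib.X509_NAME_free(subject)` and re-raising would close that path. No NULL check on the result of `X509_NAME_new()` is visible in this hunk either; something like `assert subject != backend._ffi.NULL` would match the checks used elsewhere in the file. The new docstring could also state the contract directly, for example `The caller must hand the returned X509_NAME to an object that frees it, or free it itself.` The loop body continues outside the hunk, so an existing check there would change this assessment.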
@@ -105,6 +107,12 @@ def _encode_name(backend, attributes):
return subject
+def _encode_name_gc(backend, attributes):
+ subject = _encode_name(backend, attributes)
+ subject = backend._ffi.gc(subject, backend._lib.X509_NAME_free)
+ return subject
+
+
def _txt2obj(backend, name):
"""
Converts a Python string with an ASN.1 object ID in dotted form to a
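Review bot: `_encode_name_gc` has no docstring, although its sibling `_encode_name` gains one in this commit and the two differ only in who frees the `X509_NAME`. A reader choosing the wrong one gets either a leak or a double free, so the rule should be written down at the definition. I would add `"""Like _encode_name, but the returned X509_NAME is freed by cffi's gc. Use this when the callee copies the name instead of taking ownership."""`, which matches the `X509_REQ_set_subject_name` call site changed later in this diff.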
@@ -171,6 +179,12 @@ def _encode_subject_alt_name(backend, san):
)
assert obj != backend._ffi.NULL
gn.d.registeredID = obj
+ elif isinstance(alt_name, x509.DirectoryName):
+ gn = backend._lib.GENERAL_NAME_new()
+ assert gn != backend._ffi.NULL
+ name = _encode_name(backend, alt_name.value)
+ gn.type = backend._lib.GEN_DIRNAME
+ gn.d.directoryName = name
else:
raise NotImplementedError(
"Only DNSName and RegisteredID supported right now"
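Review bot: The `NotImplementedError` text in the `else` branch still says only DNSName and RegisteredID are supported, which is stale now that this function also handles `x509.DirectoryName`; the message should name all three types. The new branch depends on `gn.d.directoryName = name` transferring the un-gc'd `X509_NAME` to the `GENERAL_NAME`, and a comment such as `# gn now owns name; it is freed together with the GENERAL_NAME` would record why `_encode_name` is used here rather than `_encode_name_gc`. The NULL check uses `assert`, which is removed under `python -O`, so a failed `GENERAL_NAME_new()` would then be dereferenced at `gn.type`; this matches the neighbouring branches and looks like a file-wide convention rather than something new in this commit. The enclosing function starts and ends outside the hunk, so whether `gn` is always attached to an owner that frees it cannot be confirmed from here.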
@@ -874,7 +888,7 @@ class Backend(object):
# Set subject name.
res = self._lib.X509_REQ_set_subject_name(
- x509_req, _encode_name(self, builder._subject_name)
+ x509_req, _encode_name_gc(self, builder._subject_name)
)
assert res == 1
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 9c97e969..6ad891b1 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -995,6 +995,12 @@ class TestCertificateSigningRequestBuilder(object):
x509.DNSName(u"example.com"),
x509.DNSName(u"*.example.com"),
x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
+ x509.DirectoryName(x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ )
+ ])),
]),
critical=False,
).sign(private_key, hashes.SHA256(), backend)
@@ -1009,6 +1015,12 @@ class TestCertificateSigningRequestBuilder(object):
x509.DNSName(u"example.com"),
x509.DNSName(u"*.example.com"),
x509.RegisteredID(x509.ObjectIdentifier("1.2.3.4.5.6.7")),
+ x509.DirectoryName(x509.Name([
+ x509.NameAttribute(x509.OID_COMMON_NAME, u'PyCA'),
+ x509.NameAttribute(
+ x509.OID_ORGANIZATION_NAME, u'We heart UTF8!\u2122'
+ ),
+ ])),
]
def test_subject_alt_name_unsupported_general_name(self, backend):