2 files changed, 35 insertions, 3 deletions

diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 21e18ddd..24d501e5 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1468,6 +1468,10 @@ class CertificateSigningRequestBuilder(object):
         """
         if isinstance(extension, BasicConstraints):
             extension = Extension(OID_BASIC_CONSTRAINTS, critical, extension)
+        elif isinstance(extension, SubjectAlternativeName):
+            extension = Extension(
+                OID_SUBJECT_ALTERNATIVE_NAME, critical, extension
+            )
         else:
             raise NotImplementedError('Unsupported X.509 extension.')
         # TODO: This is quadratic in the number of extensions
diff --git a/tests/test_x509.py b/tests/test_x509.py
index ee83ed2d..53052196 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -834,7 +834,7 @@ class TestCertificateSigningRequestBuilder(object):
         assert basic_constraints.value.ca is True
         assert basic_constraints.value.path_length == 2
 
-    def test_add_duplicate_extension(self, backend):
+    def test_add_duplicate_extension(self):
         builder = x509.CertificateSigningRequestBuilder().add_extension(
             x509.BasicConstraints(True, 2), critical=True,
         )
@@ -843,12 +843,12 @@ class TestCertificateSigningRequestBuilder(object):
                 x509.BasicConstraints(True, 2), critical=True,
             )
 
-    def test_set_invalid_subject(self, backend):
+    def test_set_invalid_subject(self):
         builder = x509.CertificateSigningRequestBuilder()
         with pytest.raises(TypeError):
             builder.subject_name('NotAName')
 
-    def test_add_unsupported_extension(self, backend):
+    def test_add_unsupported_extension(self):
         builder = x509.CertificateSigningRequestBuilder()
         with pytest.raises(NotImplementedError):
             builder.add_extension(
@@ -856,6 +856,34 @@ class TestCertificateSigningRequestBuilder(object):
                 critical=False,
             )
 
+    def test_add_unsupported_extension_in_backend(self, backend):
+        private_key = RSA_KEY_2048.private_key(backend)
+        builder = x509.CertificateSigningRequestBuilder()
+        builder = builder.subject_name(
+            x509.Name([
+                x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+            ])
+        ).add_extension(
+            x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]),
+            critical=False,
+        )
+        with pytest.raises(NotImplementedError):
+            builder.sign(backend, private_key, hashes.SHA256())
+
+    def test_set_subject_twice(self):
+        builder = x509.CertificateSigningRequestBuilder()
+        builder = builder.subject_name(
+            x509.Name([
+                x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+            ])
+        )
+        with pytest.raises(ValueError):
+            builder.subject_name(
+                x509.Name([
+                    x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
+                ])
+            )
+
 
 @pytest.mark.requires_backend_interface(interface=DSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)