-rw-r--r-- | docs/development/test-vectors.rst | 3 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 20 | ||||
-rw-r--r-- | tox.ini | 1 | ||||
-rw-r--r-- | vectors/cryptography_vectors/x509/custom/cp_user_notice_no_explicit_text.pem | 18 |
4 files changed, 34 insertions, 8 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 3d49801d..824fb57f 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -192,6 +192,9 @@ Custom X.509 Vectors text and no notice reference. * ``cp_cps_uri.pem`` - An RSA 2048 bit self-signed certificate containing a certificate policies extension with a CPS URI and no user notice. +* ``cp_user_notice_no_explicit_text.pem`` - An RSA 2048 bit self-signed + certificate containing a certificate policies extension with a user notice + with no explicit text. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 25b7c8c1..8b5f3920 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -45,6 +45,17 @@ def _asn1_integer_to_int(backend, asn1_int): return backend._bn_to_int(bn) +def _asn1_string_to_utf8(backend, asn1_string): + buf = backend._ffi.new("unsigned char **") + res = backend._lib.ASN1_STRING_to_UTF8(buf, asn1_string) + assert res >= 0 + assert buf[0] != backend._ffi.NULL + buf = backend._ffi.gc( + buf, lambda buffer: backend._lib.OPENSSL_free(buffer[0]) + ) + return backend._ffi.buffer(buf[0], res)[:].decode('utf8') + + def _build_x509_name(backend, x509_name): count = backend._lib.X509_NAME_entry_count(x509_name) attributes = [] 
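Review bot: The new `_asn1_string_to_utf8` helper guards the result of `ASN1_STRING_to_UTF8` only with `assert res >= 0` and `assert buf[0] != backend._ffi.NULL`, yet that call returns a negative value on error and the string it converts comes out of a parsed certificate. Under `python -O` the asserts are stripped, so a negative `res` would reach `backend._ffi.buffer(buf[0], res)` with `buf[0]` possibly NULL; without `-O` the caller gets a bare AssertionError instead of a parsing error it can handle. I would raise explicitly, e.g. `if res < 0 or buf[0] == backend._ffi.NULL: raise ValueError("Unable to convert ASN1_STRING to UTF-8")` (the message wording is only a suggestion), keeping the `ffi.gc` registration after the check as it is now. A one-line docstring saying that the helper returns a decoded text string and frees the OpenSSL-allocated buffer would also help, since it is now shared by `_build_x509_name` and presumably by the certificate-policies parsing this commit is aimed at.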
@@ -54,14 +65,7 @@ def _build_x509_name(backend, x509_name): assert obj != backend._ffi.NULL data = backend._lib.X509_NAME_ENTRY_get_data(entry) assert data != backend._ffi.NULL - buf = backend._ffi.new("unsigned char **") - res = backend._lib.ASN1_STRING_to_UTF8(buf, data) - assert res >= 0 - assert buf[0] != backend._ffi.NULL - buf = backend._ffi.gc( - buf, lambda buffer: backend._lib.OPENSSL_free(buffer[0]) - ) - value = backend._ffi.buffer(buf[0], res)[:].decode('utf8') + value = _asn1_string_to_utf8(backend, data) oid = _obj2txt(backend, obj) attributes.append( x509.NameAttribute( @@ -9,6 +9,7 @@ deps = pretend pytest ./vectors +passenv = ARCHFLAGS LDFLAGS CFLAGS INCLUDE LIB LD_LIBRARY_PATH commands = # We use parallel mode and then combine here so that coverage.py will take # the paths like .tox/py34/lib/python3.4/site-packages/cryptography/__init__.py diff --git a/vectors/cryptography_vectors/x509/custom/cp_user_notice_no_explicit_text.pem b/vectors/cryptography_vectors/x509/custom/cp_user_notice_no_explicit_text.pem new file mode 100644 index 00000000..2e83f4f3 --- /dev/null +++ b/vectors/cryptography_vectors/x509/custom/cp_user_notice_no_explicit_text.pem 
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9TCCAd2gAwIBAgITBms9nulfRmkzFGQpLZiG6DnGpzANBgkqhkiG9w0BAQUF
+ADASMRAwDgYDVQQDDAdQeUNBIENBMB4XDTE1MDUxMjE1MDIyMloXDTE2MDUxMTE1
+MDIyMlowEjEQMA4GA1UEAwwHUHlDQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAK3FTRITEY4b/Y1Uv4CtH61Y19TPxK2+H/XuqHwtYlPRyD35LLFE
+S0wykf0V2m1DUmf9jQa9R63jBZxzCgJ/oIJzV28PgSg9P/Nn417fNASDduY2GPvY
+uwwKXcLY2fBBFjBrz7z/5tyXCADjLDkzoUTzQlYPbhOrFU5QwaqlckXBgt/48GRD
+ujoHy4RSMEDNjLUDgwx7Z/JK2ujbGJDguLRuBsHirk2h6xXEmSWxquKDXw4Nnakw
+Bqp8kKhQ2xTSWXxabNps8FCBM4sC78gKgONy3lbYdHFt/2BU4yAMyowJwtDEYHCq
+e1g4sVsB839Ol0SXb6vleXQ6dx+zbi8UzTsCAwEAAaNEMEIwQAYDVR0gBDkwNzA1
+BgtghkgB4DkBAgMEATAmMCQGCCsGAQUFBwICMBgwFhYGbXkgb3JnMAwCAQECAQIC
+AQMCAQQwDQYJKoZIhvcNAQEFBQADggEBAF1QYvzDOj7Gp2NDSC0Ymtvg4UVa+MR9
+65LmhodUITeMgUX97KjDwCAUXTii3G9yqdck9b7cQrqQj8vnaWHdObWdcn+9B87a
+Fo22aZ+W0u0pEiLVI+ItMgSQnc950CCSrniDE5HiQ/jGnHvWAxJSz7BaconP1oGl
+QkXdZ1BsCOjHa+eY7vDR5YtAg3Vdtc3JdBGRjK2oRH9fVlU9537NzHraZfhreBYA
+YX3vDZ1AtHnFWh6cNQ0hVFzUmPkDt2bfXXZ2VuXL2jjAuGvC3nEDRjw7/dCf2YBP
++K3W8Mdkz/497IM5MmDh1eKzp4toVtxuhC/x/1t3VDUWpabHr+tRbpM=
+-----END CERTIFICATE----- |