2 files changed, 36 insertions, 2 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index bba407db..7ccb39a4 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -230,9 +230,17 @@ def _encode_subject_alt_name(backend, san):
             )
             gn.type = backend._lib.GEN_EMAIL
             gn.d.rfc822Name = asn1_str
+        elif isinstance(alt_name, x509.UniformResourceIdentifier):
+            gn = backend._lib.GENERAL_NAME_new()
+            assert gn != backend._ffi.NULL
+            asn1_str = _encode_asn1_str(
+                backend, alt_name._encoded, len(alt_name._encoded)
+            )
+            gn.type = backend._lib.GEN_URI
+            gn.d.uniformResourceIdentifier = asn1_str
         else:
-            raise NotImplementedError(
-                "Only DNSName and RegisteredID supported right now"
+            raise ValueError(
+                "{0} is an unknown GeneralName type".format(alt_name)
             )
 
         res = backend._lib.sk_GENERAL_NAME_push(general_names, gn)
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 8bed79e2..58e1a37c 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -13,6 +13,8 @@ import idna
 
 import six
 
+from six.moves import urllib_parse
+
 from cryptography import utils
 from cryptography.hazmat.primitives import hashes
 
@@ -966,7 +968,31 @@ class UniformResourceIdentifier(object):
         if not isinstance(value, six.text_type):
             raise TypeError("value must be a unicode string")
 
+        parsed = urllib_parse.urlparse(value)
+        if not parsed.hostname:
+            netloc = ""
+        elif parsed.port:
+            netloc = (
+                idna.encode(parsed.hostname) +
+                ":{0}".format(parsed.port).encode("ascii")
+            ).decode("ascii")
+        else:
+            netloc = idna.encode(parsed.hostname).decode("ascii")
+
+        # Note that building a URL in this fashion means it should be
+        # semantically indistinguishable from the original but is not
+        # guaranteed to be exactly the same.
+        uri = urllib_parse.urlunparse((
+            parsed.scheme,
+            netloc,
+            parsed.path,
+            parsed.params,
+            parsed.query,
+            parsed.fragment
+        )).encode("ascii")
+
         self._value = value
+        self._encoded = uri
 
     value = utils.read_only_property("_value")