2 files changed, 20 insertions, 1 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index b7a88a4a..6f335f48 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -179,6 +179,12 @@ def _decode_ocsp_no_check(backend, ext):
     return x509.OCSPNoCheck()
 
 
+def _decode_crl_number(backend, ext):
+    asn1_int = backend._ffi.cast("ASN1_INTEGER *", ext)
+    asn1_int = backend._ffi.gc(asn1_int, backend._lib.ASN1_INTEGER_free)
+    return backend._asn1_integer_to_int(asn1_int)
+
+
 class _X509ExtensionParser(object):
     def __init__(self, ext_count, get_ext, handlers, unsupported_exts=None):
         self.ext_count = ext_count
@@ -870,7 +876,7 @@ class _CertificateRevocationList(object):
 
     @property
     def extensions(self):
-        raise NotImplementedError()
+        return _CRL_EXTENSION_PARSER.parse(self._backend, self._x509_crl)
 
 
 @utils.register_interface(x509.CertificateSigningRequest)
@@ -978,6 +984,11 @@ _REVOKED_UNSUPPORTED_EXTENSIONS = set([
     CRLExtensionOID.CERTIFICATE_ISSUER,
 ])
 
+_CRL_EXTENSION_HANDLERS = {
+    ExtensionOID.CRL_NUMBER: _decode_crl_number,
+    ExtensionOID.AUTHORITY_KEY_IDENTIFIER: _decode_authority_key_identifier,
+}
+
 _CERTIFICATE_EXTENSION_PARSER = _X509ExtensionParser(
     ext_count=lambda backend, x: backend._lib.X509_get_ext_count(x),
     get_ext=lambda backend, x, i: backend._lib.X509_get_ext(x, i),
@@ -996,3 +1007,9 @@ _REVOKED_CERTIFICATE_EXTENSION_PARSER = _X509ExtensionParser(
     handlers=_REVOKED_EXTENSION_HANDLERS,
     unsupported_exts=_REVOKED_UNSUPPORTED_EXTENSIONS
 )
+
+_CRL_EXTENSION_PARSER = _X509ExtensionParser(
+    ext_count=lambda backend, x: backend._lib.X509_CRL_get_ext_count(x),
+    get_ext=lambda backend, x, i: backend._lib.X509_CRL_get_ext(x, i),
+    handlers=_CRL_EXTENSION_HANDLERS,
+)
diff --git a/src/cryptography/x509/oid.py b/src/cryptography/x509/oid.py
index 7b4df1c9..6509527f 100644
--- a/src/cryptography/x509/oid.py
+++ b/src/cryptography/x509/oid.py
@@ -85,6 +85,7 @@ class ExtensionOID(object):
     AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1")
     SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11")
     OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
+    CRL_NUMBER = ObjectIdentifier("2.5.29.20")
 
 
 class CRLExtensionOID(object):
@@ -234,6 +235,7 @@ _OID_NAMES = {
     ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
     ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
     ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck",
+    ExtensionOID.CRL_NUMBER: "CRLNumber",
     AuthorityInformationAccessOID.OCSP: "OCSP",
     AuthorityInformationAccessOID.CA_ISSUERS: "caIssuers",
     CertificatePoliciesOID.CPS_QUALIFIER: "id-qt-cps",