aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/decode_asn1.py24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
index 42d6c858..24fbef86 100644
--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -452,6 +452,29 @@ def _decode_general_subtrees(backend, stack_subtrees):
return subtrees
+def _decode_policy_constraints(backend, pc):
+ pc = backend._ffi.cast("POLICY_CONSTRAINTS *", pc)
+ pc = backend._ffi.gc(pc, backend._lib.POLICY_CONSTRAINTS_free)
+
+ if pc.requireExplicitPolicy == backend._ffi.NULL:
+ require_explicit_policy = None
+ else:
+ require_explicit_policy = _asn1_integer_to_int(
+ backend, pc.requireExplicitPolicy
+ )
+
+ if pc.inhibitPolicyMapping == backend._ffi.NULL:
+ inhibit_policy_mapping = None
+ else:
+ inhibit_policy_mapping = _asn1_integer_to_int(
+ backend, pc.inhibitPolicyMapping
+ )
+
+ return x509.PolicyConstraints(
+ require_explicit_policy, inhibit_policy_mapping
+ )
+
+
def _decode_extended_key_usage(backend, sk):
sk = backend._ffi.cast("Cryptography_STACK_OF_ASN1_OBJECT *", sk)
sk = backend._ffi.gc(sk, backend._lib.sk_ASN1_OBJECT_free)
@@ -729,6 +752,7 @@ _EXTENSION_HANDLERS = {
ExtensionOID.INHIBIT_ANY_POLICY: _decode_inhibit_any_policy,
ExtensionOID.ISSUER_ALTERNATIVE_NAME: _decode_issuer_alt_name,
ExtensionOID.NAME_CONSTRAINTS: _decode_name_constraints,
+ ExtensionOID.POLICY_CONSTRAINTS: _decode_policy_constraints,
}
_REVOKED_EXTENSION_HANDLERS = {
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-09 00:04:25 +0000