1 files changed, 36 insertions, 36 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 9811e3ba..8d9e5e0e 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -58,42 +58,6 @@ from cryptography.x509.oid import ExtensionOID, NameOID
 _MemoryBIO = collections.namedtuple("_MemoryBIO", ["bio", "char_ptr"])
 
 
-def _encode_name_constraints(backend, name_constraints):
-    nc = backend._lib.NAME_CONSTRAINTS_new()
-    assert nc != backend._ffi.NULL
-    nc = backend._ffi.gc(nc, backend._lib.NAME_CONSTRAINTS_free)
-    permitted = _encode_general_subtree(
-        backend, name_constraints.permitted_subtrees
-    )
-    nc.permittedSubtrees = permitted
-    excluded = _encode_general_subtree(
-        backend, name_constraints.excluded_subtrees
-    )
-    nc.excludedSubtrees = excluded
-
-    pp = backend._ffi.new('unsigned char **')
-    r = backend._lib.Cryptography_i2d_NAME_CONSTRAINTS(nc, pp)
-    assert r > 0
-    pp = backend._ffi.gc(
-        pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
-    )
-    return pp, r
-
-
-def _encode_general_subtree(backend, subtrees):
-    if subtrees is None:
-        return backend._ffi.NULL
-    else:
-        general_subtrees = backend._lib.sk_GENERAL_SUBTREE_new_null()
-        for name in subtrees:
-            gs = backend._lib.GENERAL_SUBTREE_new()
-            gs.base = _encode_general_name(backend, name)
-            res = backend._lib.sk_GENERAL_SUBTREE_push(general_subtrees, gs)
-            assert res >= 1
-
-        return general_subtrees
-
-
 def _encode_asn1_int(backend, x):
     """
     Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER
@@ -606,6 +570,42 @@ def _encode_crl_distribution_points(backend, crl_distribution_points):
     return pp, r
 
 
+def _encode_name_constraints(backend, name_constraints):
+    nc = backend._lib.NAME_CONSTRAINTS_new()
+    assert nc != backend._ffi.NULL
+    nc = backend._ffi.gc(nc, backend._lib.NAME_CONSTRAINTS_free)
+    permitted = _encode_general_subtree(
+        backend, name_constraints.permitted_subtrees
+    )
+    nc.permittedSubtrees = permitted
+    excluded = _encode_general_subtree(
+        backend, name_constraints.excluded_subtrees
+    )
+    nc.excludedSubtrees = excluded
+
+    pp = backend._ffi.new('unsigned char **')
+    r = backend._lib.Cryptography_i2d_NAME_CONSTRAINTS(nc, pp)
+    assert r > 0
+    pp = backend._ffi.gc(
+        pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
+    )
+    return pp, r
+
+
+def _encode_general_subtree(backend, subtrees):
+    if subtrees is None:
+        return backend._ffi.NULL
+    else:
+        general_subtrees = backend._lib.sk_GENERAL_SUBTREE_new_null()
+        for name in subtrees:
+            gs = backend._lib.GENERAL_SUBTREE_new()
+            gs.base = _encode_general_name(backend, name)
+            res = backend._lib.sk_GENERAL_SUBTREE_push(general_subtrees, gs)
+            assert res >= 1
+
+        return general_subtrees
+
+
 _EXTENSION_ENCODE_HANDLERS = {
     ExtensionOID.BASIC_CONSTRAINTS: _encode_basic_constraints,
     ExtensionOID.SUBJECT_KEY_IDENTIFIER: _encode_subject_key_identifier,