aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/cryptography/hazmat/backends/openssl/backend.py25
1 files changed, 15 insertions, 10 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index f05b0515..753cb50d 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -139,20 +139,25 @@ def _encode_basic_constraints(backend, basic_constraints):
def _encode_subject_alt_name(backend, san):
general_names = backend._lib.GENERAL_NAMES_new()
assert general_names != backend._ffi.NULL
- # TODO: GC
+ general_names = backend._ffi.gc(
+ general_names, backend._lib.GENERAL_NAMES_free
+ )
for alt_name in san:
- assert isinstance(alt_name, x509.DNSName)
gn = backend._lib.GENERAL_NAME_new()
assert gn != backend._ffi.NULL
- gn.type = backend._lib.GEN_DNS
- ia5 = backend._lib.ASN1_IA5STRING_new()
- assert ia5 != backend._ffi.NULL
- gn.d.dNSName = ia5
- # TODO: idna
- value = alt_name.value.encode("ascii")
- res = backend._lib.ASN1_STRING_set(gn.d.dNSName, value, len(value))
- assert res == 1
+ # TODO: GC?
+ if isinstance(alt_name, x509.DNSName):
+ gn.type = backend._lib.GEN_DNS
+ ia5 = backend._lib.ASN1_IA5STRING_new()
+ assert ia5 != backend._ffi.NULL
+ # TODO: idna
+ value = alt_name.value.encode("ascii")
+ res = backend._lib.ASN1_STRING_set(ia5, value, len(value))
+ assert res == 1
+ gn.d.dNSName = ia5
+ else:
+ raise NotImplementedError("Only DNSNames are supported right now")
res = backend._lib.sk_GENERAL_NAME_push(general_names, gn)
assert res == 1
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-25 10:52:12 +0000