From ed32105be8daa27d39e5ef1f26e3f7bc672a7939 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 11 Oct 2017 08:11:44 +0800 Subject: Backwards incompatible change to DNSName (#3951) * Backwards incompatible change to DNSName During this release cycle we decided to officially deprecate passing U-labels to our GeneralName constructors. At first we tried changing this in a purely backwards compatible way but get_values_for_type made that untenable. This PR modifies DNSName to take three different types. U-label strings (which raises a deprecation warning), A-label strings (the new preferred type), and bytes (which are assumed to be decodable to unicode strings). The latter, while supported, is primarily intended for use by our parser and allows us to return the actual encoded data in a certificate even if it has not been properly encoded to A-label before the certificate is created. (Of course, if the certificate contains invalid utf8 sequences this will still fail, but let's handle one catastrophic failure at a time). * coverage * don't delete that asterisk from a test. it does things. * no bytes in DNSName. Private constructor for bypassing validation * test unicode in dnsname (yuck) * fix docs * empty commit, you disappoint me codecov * CI is the worst --- docs/x509/reference.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 951e6b7d..238a24e5 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -611,7 +611,7 @@ X.509 Certificate Builder >>> builder = builder.public_key(public_key) >>> builder = builder.add_extension( ... x509.SubjectAlternativeName( - ... [x509.DNSName(b'cryptography.io')] + ... [x509.DNSName(u'cryptography.io')] ... ), ... critical=False ... ) -- cgit v1.2.3