From 641149c2b4cc17edd5934d76e23a47d782b28f55 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Sun, 6 Mar 2016 19:10:56 -0430
Subject: raise ValueError if > 2 byte value for NameAttribute with CN OID

---
 src/cryptography/x509/name.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/cryptography/x509/name.py b/src/cryptography/x509/name.py
index 9d93ece1..c7f6f99d 100644
--- a/src/cryptography/x509/name.py
+++ b/src/cryptography/x509/name.py
@@ -7,7 +7,7 @@ from __future__ import absolute_import, division, print_function
 import six
 
 from cryptography import utils
-from cryptography.x509.oid import ObjectIdentifier
+from cryptography.x509.oid import NameOID, ObjectIdentifier
 
 
 class NameAttribute(object):
@@ -22,6 +22,11 @@ class NameAttribute(object):
                 "value argument must be a text type."
             )
 
+        if oid == NameOID.COUNTRY_NAME and len(value.encode("ascii")) != 2:
+            raise ValueError(
+                "Country name must be a 2 character country code"
+            )
+
         self._oid = oid
         self._value = value
 
-- 
cgit v1.2.3