From ca6ce995434d9629b2f4867dff7a6361fdf77fcd Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Wed, 17 Jun 2015 22:13:15 -0600
Subject: inhibit any policy extension support for the openssl backend
---
 src/cryptography/hazmat/backends/openssl/x509.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 (limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index a836e6a7..3b0c2954 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -290,6 +290,8 @@ class _Certificate(object):
 value = _decode_crl_distribution_points(self._backend, ext)
 elif oid == x509.OID_OCSP_NO_CHECK:
 value = x509.OCSPNoCheck()
+ elif oid == x509.OID_INHIBIT_ANY_POLICY:
+ value = _decode_inhibit_any_policy(self._backend, ext)
 elif critical:
 raise x509.UnsupportedExtension(
 "{0} is not currently supported".format(oid), oid
@@ -635,6 +637,17 @@ def _decode_crl_distribution_points(backend, ext):
 return x509.CRLDistributionPoints(dist_points)


+def _decode_inhibit_any_policy(backend, ext):
+ asn1_int = backend._ffi.cast(
+ "ASN1_INTEGER *",
+ backend._lib.X509V3_EXT_d2i(ext)
+ )
+ assert asn1_int != backend._ffi.NULL
+ asn1_int = backend._ffi.gc(asn1_int, backend._lib.ASN1_INTEGER_free)
+ skip_certs = _asn1_integer_to_int(backend, asn1_int)
+ return x509.InhibitAnyPolicy(skip_certs)
+
+
 @utils.register_interface(x509.CertificateSigningRequest)
 class _CertificateSigningRequest(object):
 def __init__(self, backend, x509_req):
--
cgit v1.2.3
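Review bot: In `_decode_inhibit_any_policy` the NULL check on the result of `X509V3_EXT_d2i` is an `assert`, which is stripped under `python -O` and otherwise surfaces as an `AssertionError`; this path decodes extension bytes from certificates that may be untrusted, so a failed decode should be handled explicitly. I would replace it with `if asn1_int == backend._ffi.NULL: raise ValueError("malformed inhibitAnyPolicy extension")`, placed before the pointer reaches `backend._ffi.gc` and `_asn1_integer_to_int`. If OpenSSL leaves entries on its error queue when the decode fails, they presumably need clearing on that branch as well, which is worth confirming against how the backend handles other failed calls. The function also has no docstring (one line stating that it returns an `x509.InhibitAnyPolicy` built from the decoded ASN.1 INTEGER would do), and the diffstat lists only `x509.py`, so a test covering a well-formed and a malformed extension may need to land separately.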