Merge pull request #1937 from reaperhulk/cp-more-vector

add another certificate policies test vector
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 25b7c8c..8b5f392 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -45,6 +45,17 @@
     return backend._bn_to_int(bn)
 
 
+def _asn1_string_to_utf8(backend, asn1_string):
+    buf = backend._ffi.new("unsigned char **")
+    res = backend._lib.ASN1_STRING_to_UTF8(buf, asn1_string)
+    assert res >= 0
+    assert buf[0] != backend._ffi.NULL
+    buf = backend._ffi.gc(
+        buf, lambda buffer: backend._lib.OPENSSL_free(buffer[0])
+    )
+    return backend._ffi.buffer(buf[0], res)[:].decode('utf8')
+
+
 def _build_x509_name(backend, x509_name):
     count = backend._lib.X509_NAME_entry_count(x509_name)
     attributes = []
@@ -54,14 +65,7 @@
         assert obj != backend._ffi.NULL
         data = backend._lib.X509_NAME_ENTRY_get_data(entry)
         assert data != backend._ffi.NULL
-        buf = backend._ffi.new("unsigned char **")
-        res = backend._lib.ASN1_STRING_to_UTF8(buf, data)
-        assert res >= 0
-        assert buf[0] != backend._ffi.NULL
-        buf = backend._ffi.gc(
-            buf, lambda buffer: backend._lib.OPENSSL_free(buffer[0])
-        )
-        value = backend._ffi.buffer(buf[0], res)[:].decode('utf8')
+        value = _asn1_string_to_utf8(backend, data)
         oid = _obj2txt(backend, obj)
         attributes.append(
             x509.NameAttribute(
diff --git a/tox.ini b/tox.ini
index 759345f..77382eb 100644
--- a/tox.ini
+++ b/tox.ini
@@ -9,6 +9,7 @@
     pretend
     pytest
     ./vectors
+passenv = ARCHFLAGS LDFLAGS CFLAGS INCLUDE LIB LD_LIBRARY_PATH
 commands =
     # We use parallel mode and then combine here so that coverage.py will take
     # the paths like .tox/py34/lib/python3.4/site-packages/cryptography/__init__.py