commit 37b82df9e4c1397df1d878b0ee4ee7d1c3ad0ce7
author Alex Gaynor <alex.gaynor@gmail.com> Fri Jul 03 10:26:37 2015 -0400
committer Alex Gaynor <alex.gaynor@gmail.com> Fri Jul 03 10:26:37 2015 -0400
tree 276944b125d305ddbd5ac53f607d018eda59183b
parent 122b5ed88ce7697a3ad7baed1172a09944a2ba25

Added support for SANs in CSRs

src/cryptography/hazmat/backends/openssl/x509.py

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index c7ca2ad..80e5f2b 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -770,5 +770,6 @@
     get_ext=lambda backend, x, i: backend._lib.sk_X509_EXTENSION_value(x, i),
     handlers={
         x509.OID_BASIC_CONSTRAINTS: _decode_basic_constraints,
+        x509.OID_SUBJECT_ALTERNATIVE_NAME: _decode_subject_alt_name,
     }
 )

tests/test_x509.py

diff --git a/tests/test_x509.py b/tests/test_x509.py
index ac91039..1e0c9cd 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -592,6 +592,20 @@
             ),
         ]
 
+    def test_subject_alt_name(self, backend):
+        request = _load_cert(
+            os.path.join("x509", "requests", "san_rsa_sha1.pem"),
+            x509.load_pem_x509_csr,
+            backend,
+        )
+        ext = request.extensions.get_extension_for_oid(
+            x509.OID_SUBJECT_ALTERNATIVE_NAME
+        )
+        assert list(ext.value) == [
+            x509.DNSName(u"cryptography.io"),
+            x509.DNSName(u"sub.cryptography.io"),
+        ]
+
     def test_public_bytes_pem(self, backend):
         # Load an existing CSR.
         request = _load_cert(