Merge pull request #2085 from alex/encode-san
Initial code to encode SANs
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index bc95cf7..82a3e5b 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -27,6 +27,11 @@
* Add support for creating certificate signing requests with
:class:`~cryptography.x509.CertificateSigningRequestBuilder`.
+0.9.2 - 2015-07-04
+~~~~~~~~~~~~~~~~~~
+
+* Updated Windows wheels to be compiled against OpenSSL 1.0.2c.
+
0.9.1 - 2015-06-06
~~~~~~~~~~~~~~~~~~
@@ -125,51 +130,39 @@
SubjectPublicKeyInfo format for RSA, EC, and DSA).
* Added
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`
- and deprecated
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithNumbers`.
+ and deprecated ``EllipticCurvePrivateKeyWithNumbers``.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization.private_bytes`
to
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithSerialization`.
* Added
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`
- and deprecated
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithNumbers`.
+ and deprecated ``RSAPrivateKeyWithNumbers``.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization.private_bytes`
to
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithSerialization`.
* Added
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`
- and deprecated
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithNumbers`.
+ and deprecated ``DSAPrivateKeyWithNumbers``.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization.private_bytes`
to
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithSerialization`.
* Added
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`
- and deprecated
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithNumbers`.
-* Added
- :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization.public_bytes`
- to
+ and deprecated ``RSAPublicKeyWithNumbers``.
+* Added ``public_bytes`` to
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`.
* Added
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`
- and deprecated
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithNumbers`.
-* Added
- :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization.public_bytes`
- to
+ and deprecated ``EllipticCurvePublicKeyWithNumbers``.
+* Added ``public_bytes`` to
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithSerialization`.
* Added
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`
- and deprecated
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithNumbers`.
-* Added
- :meth:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization.public_bytes`
- to
+ and deprecated ``DSAPublicKeyWithNumbers``.
+* Added ``public_bytes`` to
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithSerialization`.
* :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` and
:class:`~cryptography.hazmat.primitives.hashes.HashContext` were moved from
@@ -204,25 +197,24 @@
* :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKeyWithNumbers`,
+ ``DSAPrivateKeyWithNumbers``,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` and
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKeyWithNumbers`
- were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ ``DSAPublicKeyWithNumbers`` were moved from
+ :mod:`~cryptography.hazmat.primitives.interfaces` to
:mod:`~cryptography.hazmat.primitives.asymmetric.dsa`
* :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`,
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithNumbers`,
+ ``EllipticCurvePrivateKeyWithNumbers``,
:class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`,
- and
- :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKeyWithNumbers`
+ and ``EllipticCurvePublicKeyWithNumbers``
were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
:mod:`~cryptography.hazmat.primitives.asymmetric.ec`.
* :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKeyWithNumbers`,
+ ``RSAPrivateKeyWithNumbers``,
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` and
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithNumbers`
- were moved from :mod:`~cryptography.hazmat.primitives.interfaces` to
+ ``RSAPublicKeyWithNumbers`` were moved from
+ :mod:`~cryptography.hazmat.primitives.interfaces` to
:mod:`~cryptography.hazmat.primitives.asymmetric.rsa`.
0.7.2 - 2015-01-16
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index fe64fe1..ea44a46 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -104,6 +104,10 @@
cryptography website.
* ``wildcard_san.pem`` - A leaf certificate issued by a public CA for
``langui.sh`` that contains wildcard entries in the SAN extension.
+* ``san_edipartyname.der`` - A DSA certificate from a `Mozilla bug`_
+ containing a SAN extension with an ``ediPartyName`` general name.
+* ``san_x400address.der`` - A DSA certificate from a `Mozilla bug`_ containing
+ a SAN extension with an ``x400Address`` general name.
Custom X.509 Vectors
~~~~~~~~~~~~~~~~~~~~
@@ -412,3 +416,4 @@
.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
.. _`root data`: https://hg.mozilla.org/projects/nss/file/25b2922cc564/security/nss/lib/ckfw/builtins/certdata.txt#l2053
.. _`asymmetric/public/PKCS1/dsa.pub.pem`: https://github.com/ruby/ruby/blob/4ccb387f3bc436a08fc6d72c4931994f5de95110/test/openssl/test_pkey_dsa.rb#L53
+.. _`Mozilla bug`: https://bugzilla.mozilla.org/show_bug.cgi?id=233586
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index 179bb8d..2ceb7d7 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -284,23 +284,6 @@
The bit length of the modulus.
-.. class:: DSAPrivateKeyWithNumbers
-
- .. versionadded:: 0.5
-
- Extends :class:`DSAPrivateKey`.
-
- .. method:: private_numbers()
-
- Create a
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`
- object.
-
- :returns: A
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`
- instance.
-
-
.. class:: DSAPrivateKeyWithSerialization
.. versionadded:: 0.8
@@ -384,29 +367,6 @@
:returns:
:class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
-
-.. class:: DSAPublicKeyWithNumbers
-
- .. versionadded:: 0.5
-
- Extends :class:`DSAPublicKey`.
-
- .. method:: public_numbers()
-
- Create a
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`
- object.
-
- :returns: A
- :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`
- instance.
-
-.. class:: DSAPublicKeyWithSerialization
-
- .. versionadded:: 0.8
-
- Extends :class:`DSAPublicKey`.
-
.. method:: public_numbers()
Create a
@@ -435,6 +395,13 @@
:return bytes: Serialized key.
+.. class:: DSAPublicKeyWithSerialization
+
+ .. versionadded:: 0.8
+
+ Alias for :class:`DSAPublicKey`.
+
+
.. _`DSA`: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
.. _`FIPS 186-4`: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index 71f6e6f..e0abe0a 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -321,19 +321,6 @@
The EllipticCurvePublicKey object for this private key.
-.. class:: EllipticCurvePrivateKeyWithNumbers
-
- .. versionadded:: 0.6
-
- Extends :class:`EllipticCurvePrivateKey`.
-
- .. method:: private_numbers()
-
- Create a :class:`EllipticCurvePrivateNumbers` object.
-
- :returns: An :class:`EllipticCurvePrivateNumbers` instance.
-
-
.. class:: EllipticCurvePrivateKeyWithSerialization
.. versionadded:: 0.8
@@ -399,26 +386,6 @@
The elliptic curve for this key.
-
-.. class:: EllipticCurvePublicKeyWithNumbers
-
- .. versionadded:: 0.6
-
- Extends :class:`EllipticCurvePublicKey`.
-
- .. method:: public_numbers()
-
- Create a :class:`EllipticCurvePublicNumbers` object.
-
- :returns: An :class:`EllipticCurvePublicNumbers` instance.
-
-
-.. class:: EllipticCurvePublicKeyWithSerialization
-
- .. versionadded:: 0.6
-
- Extends :class:`EllipticCurvePublicKey`.
-
.. method:: public_numbers()
Create a :class:`EllipticCurvePublicNumbers` object.
@@ -443,6 +410,13 @@
:return bytes: Serialized key.
+.. class:: EllipticCurvePublicKeyWithSerialization
+
+ .. versionadded:: 0.6
+
+ Alias for :class:`EllipticCurvePublicKey`.
+
+
.. _`FIPS 186-3`: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
.. _`FIPS 186-4`: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
.. _`some concern`: https://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 3b5b677..e8bbf5c 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -113,10 +113,8 @@
>>> pem.splitlines()[0]
'-----BEGIN RSA PRIVATE KEY-----'
-Similarly, if your public key implements
-:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization`
-interface you can use
-:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKeyWithSerialization.public_bytes`
+For public keys you can use
+:meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey.public_bytes`
to serialize the key.
.. doctest::
@@ -518,23 +516,6 @@
The bit length of the modulus.
-.. class:: RSAPrivateKeyWithNumbers
-
- .. versionadded:: 0.5
-
- Extends :class:`RSAPrivateKey`.
-
- .. method:: private_numbers()
-
- Create a
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
- object.
-
- :returns: An
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`
- instance.
-
-
.. class:: RSAPrivateKeyWithSerialization
.. versionadded:: 0.8
@@ -625,30 +606,6 @@
The bit length of the modulus.
-
-.. class:: RSAPublicKeyWithNumbers
-
- .. versionadded:: 0.5
-
- Extends :class:`RSAPublicKey`.
-
- .. method:: public_numbers()
-
- Create a
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
- object.
-
- :returns: An
- :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`
- instance.
-
-
-.. class:: RSAPublicKeyWithSerialization
-
- .. versionadded:: 0.8
-
- Extends :class:`RSAPublicKey`.
-
.. method:: public_numbers()
Create a
@@ -679,6 +636,13 @@
:return bytes: Serialized key.
+.. class:: RSAPublicKeyWithSerialization
+
+ .. versionadded:: 0.8
+
+ Alias for :class:`RSAPublicKey`.
+
+
.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
.. _`specific mathematical properties`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Key_generation
diff --git a/docs/installation.rst b/docs/installation.rst
index 1c25ff7..96e1e8d 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -125,8 +125,23 @@
You should replace the version string on the first line as appropriate for your
build.
+Building cryptography on OS X
+-----------------------------
+
+Building cryptography requires the presence of a C compiler and development
+headers. On OS X this is typically provided by Apple's Xcode development tools.
+To install the Xcode command line tools on open a terminal window and run:
+
+.. code-block:: console
+
+ $ xcode-select --install
+
+This will install a compiler (clang) along with the required development
+headers. If you wish to compile against a more recent OpenSSL than the
+version shipped with OS X see the next section.
+
Using your own OpenSSL on OS X
-------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To link cryptography against a custom version of OpenSSL you'll need to set
``ARCHFLAGS``, ``LDFLAGS``, and ``CFLAGS``. OpenSSL can be installed via
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index 235e08d..1eed7c7 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -63,3 +63,4 @@
unpadding
Verisign
wildcard
+Xcode
diff --git a/docs/x509.rst b/docs/x509.rst
index f94f50e..a3cf7e2 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -328,6 +328,8 @@
.. method:: public_bytes(encoding)
+ .. versionadded:: 1.0
+
:param encoding: The
:class:`~cryptography.hazmat.primitives.serialization.Encoding`
that will be used to serialize the certificate.
@@ -435,6 +437,8 @@
.. method:: public_bytes(encoding)
+ .. versionadded:: 1.0
+
:param encoding: The
:class:`~cryptography.hazmat.primitives.serialization.Encoding`
that will be used to serialize the certificate request.
diff --git a/src/_cffi_src/openssl/x509v3.py b/src/_cffi_src/openssl/x509v3.py
index 5228745..0f5306d 100644
--- a/src/_cffi_src/openssl/x509v3.py
+++ b/src/_cffi_src/openssl/x509v3.py
@@ -59,7 +59,8 @@
static const int GEN_RID;
typedef struct {
- ...;
+ ASN1_OBJECT *type_id;
+ ASN1_TYPE *value;
} OTHERNAME;
typedef struct {
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 80e5f2b..7bfeb2c 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -36,6 +36,14 @@
return backend._bn_to_int(bn)
+def _asn1_string_to_bytes(backend, asn1_string):
+ return backend._ffi.buffer(asn1_string.data, asn1_string.length)[:]
+
+
+def _asn1_string_to_ascii(backend, asn1_string):
+ return _asn1_string_to_bytes(backend, asn1_string).decode("ascii")
+
+
def _asn1_string_to_utf8(backend, asn1_string):
buf = backend._ffi.new("unsigned char **")
res = backend._lib.ASN1_STRING_to_UTF8(buf, asn1_string)
@@ -81,7 +89,7 @@
def _decode_general_name(backend, gn):
if gn.type == backend._lib.GEN_DNS:
- data = backend._ffi.buffer(gn.d.dNSName.data, gn.d.dNSName.length)[:]
+ data = _asn1_string_to_bytes(backend, gn.d.dNSName)
if data.startswith(b"*."):
# This is a wildcard name. We need to remove the leading wildcard,
# IDNA decode, then re-add the wildcard. Wildcard characters should
@@ -98,10 +106,7 @@
return x509.DNSName(decoded)
elif gn.type == backend._lib.GEN_URI:
- data = backend._ffi.buffer(
- gn.d.uniformResourceIdentifier.data,
- gn.d.uniformResourceIdentifier.length
- )[:].decode("ascii")
+ data = _asn1_string_to_ascii(backend, gn.d.uniformResourceIdentifier)
parsed = urllib_parse.urlparse(data)
hostname = idna.decode(parsed.hostname)
if parsed.port:
@@ -127,9 +132,7 @@
elif gn.type == backend._lib.GEN_IPADD:
return x509.IPAddress(
ipaddress.ip_address(
- backend._ffi.buffer(
- gn.d.iPAddress.data, gn.d.iPAddress.length
- )[:]
+ _asn1_string_to_bytes(backend, gn.d.iPAddress)
)
)
elif gn.type == backend._lib.GEN_DIRNAME:
@@ -137,9 +140,7 @@
_decode_x509_name(backend, gn.d.directoryName)
)
elif gn.type == backend._lib.GEN_EMAIL:
- data = backend._ffi.buffer(
- gn.d.rfc822Name.data, gn.d.rfc822Name.length
- )[:].decode("ascii")
+ data = _asn1_string_to_ascii(backend, gn.d.rfc822Name)
name, address = parseaddr(data)
parts = address.split(u"@")
if name or len(parts) > 2 or not address:
@@ -280,11 +281,10 @@
generalized_time = self._backend._ffi.gc(
generalized_time, self._backend._lib.ASN1_GENERALIZEDTIME_free
)
- time = self._backend._ffi.string(
- self._backend._lib.ASN1_STRING_data(
- self._backend._ffi.cast("ASN1_STRING *", generalized_time)
- )
- ).decode("ascii")
+ time = _asn1_string_to_ascii(
+ self._backend,
+ self._backend._ffi.cast("ASN1_STRING *", generalized_time)
+ )
return datetime.datetime.strptime(time, "%Y%m%d%H%M%SZ")
@property
diff --git a/src/cryptography/hazmat/primitives/asymmetric/dsa.py b/src/cryptography/hazmat/primitives/asymmetric/dsa.py
index 733a967..184177e 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/dsa.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/dsa.py
@@ -91,9 +91,6 @@
Returns an AsymmetricVerificationContext used for signing data.
"""
-
-@six.add_metaclass(abc.ABCMeta)
-class DSAPublicKeyWithSerialization(DSAPublicKey):
@abc.abstractmethod
def public_numbers(self):
"""
@@ -107,6 +104,9 @@
"""
+DSAPublicKeyWithSerialization = DSAPublicKey
+
+
def generate_parameters(key_size, backend):
return backend.generate_dsa_parameters(key_size)
diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py
index 631fcbf..f1d39ee 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
@@ -85,9 +85,6 @@
The EllipticCurve that this key is on.
"""
-
-@six.add_metaclass(abc.ABCMeta)
-class EllipticCurvePublicKeyWithSerialization(EllipticCurvePublicKey):
@abc.abstractmethod
def public_numbers(self):
"""
@@ -101,6 +98,9 @@
"""
+EllipticCurvePublicKeyWithSerialization = EllipticCurvePublicKey
+
+
@utils.register_interface(EllipticCurve)
class SECT571R1(object):
name = "sect571r1"
diff --git a/src/cryptography/hazmat/primitives/asymmetric/rsa.py b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
index 772473f..89eac4d 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/rsa.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/rsa.py
@@ -76,9 +76,6 @@
The bit length of the public modulus.
"""
-
-@six.add_metaclass(abc.ABCMeta)
-class RSAPublicKeyWithSerialization(RSAPublicKey):
@abc.abstractmethod
def public_numbers(self):
"""
@@ -92,6 +89,9 @@
"""
+RSAPublicKeyWithSerialization = RSAPublicKey
+
+
def generate_private_key(public_exponent, key_size, backend):
if not isinstance(backend, RSABackend):
raise UnsupportedAlgorithm(
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 0ef84e7..d15d666 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1382,18 +1382,16 @@
dns = ext.value.get_values_for_type(x509.DNSName)
assert dns == [u'*.\u043f\u044b\u043a\u0430.cryptography']
- def test_unsupported_other_name(self, backend):
+ def test_unsupported_gn(self, backend):
cert = _load_cert(
- os.path.join(
- "x509", "custom", "san_other_name.pem"
- ),
- x509.load_pem_x509_certificate,
+ os.path.join("x509", "san_x400address.der"),
+ x509.load_der_x509_certificate,
backend
)
with pytest.raises(x509.UnsupportedGeneralNameType) as exc:
cert.extensions
- assert exc.value.type == 0
+ assert exc.value.type == 3
def test_registered_id(self, backend):
cert = _load_cert(
diff --git a/vectors/cryptography_vectors/x509/san_edipartyname.der b/vectors/cryptography_vectors/x509/san_edipartyname.der
new file mode 100644
index 0000000..95ec204
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/san_edipartyname.der
Binary files differ
diff --git a/vectors/cryptography_vectors/x509/san_x400address.der b/vectors/cryptography_vectors/x509/san_x400address.der
new file mode 100644
index 0000000..b0d10cf
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/san_x400address.der
Binary files differ