Clean up code and fix.
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index c2a3dc2..2217960 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -115,9 +115,7 @@
return obj
-def _encode_basic_constraints(backend, basic_constraints, critical):
- obj = _txt2obj(backend, x509.OID_BASIC_CONSTRAINTS.dotted_string)
- assert obj is not None
+def _encode_basic_constraints(backend, basic_constraints):
constraints = backend._lib.BASIC_CONSTRAINTS_new()
constraints.ca = 255 if basic_constraints.ca else 0
if basic_constraints.ca:
@@ -132,24 +130,10 @@
pp = backend._ffi.gc(
pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
)
-
- # Wrap that in an X509 extension object.
- extension = backend._lib.X509_EXTENSION_create_by_OBJ(
- backend._ffi.NULL,
- obj,
- 1 if critical else 0,
- _encode_asn1_str(backend, pp[0], r),
- )
- assert extension != backend._ffi.NULL
-
- # Return the wrapped extension.
- return extension
+ return pp, r
-def _encode_subject_alt_name(backend, san, critical):
- obj = _txt2obj(backend, x509.OID_SUBJECT_ALTERNATIVE_NAME.dotted_string)
- assert obj is not None
-
+def _encode_subject_alt_name(backend, san):
general_names = backend._lib.GENERAL_NAMES_new()
assert general_names != backend._ffi.NULL
# TODO: GC
@@ -176,15 +160,7 @@
pp = backend._ffi.gc(
pp, lambda pointer: backend._lib.OPENSSL_free(pointer[0])
)
-
- extension = backend._lib.X509_EXTENSION_create_by_OBJ(
- backend._ffi.NULL,
- obj,
- 1 if critical else 0,
- _encode_asn1_str(backend, pp[0], r)
- )
- assert extension != backend._ffi.NULL
- return extension
+ return pp, r
@utils.register_interface(CipherBackend)
@@ -893,19 +869,25 @@
)
for extension in builder._extensions:
if isinstance(extension.value, x509.BasicConstraints):
- extension = _encode_basic_constraints(
- self,
- extension.value,
- extension.critical
+ pp, r = _encode_basic_constraints(
+ self, extension.value,
)
elif isinstance(extension.value, x509.SubjectAlternativeName):
- extension = _encode_subject_alt_name(
- self,
- extension.value,
- extension.critical,
+ pp, r = _encode_subject_alt_name(
+ self, extension.value,
)
else:
raise NotImplementedError('Extension not yet supported.')
+
+ obj = _txt2obj(self, extension.oid.dotted_string)
+ extension = backend._lib.X509_EXTENSION_create_by_OBJ(
+ backend._ffi.NULL,
+ obj,
+ 1 if extension.critical else 0,
+ _encode_asn1_str(backend, pp[0], r)
+ )
+ assert extension != backend._ffi.NULL
+
res = self._lib.sk_X509_EXTENSION_push(extensions, extension)
assert res == 1
res = self._lib.X509_REQ_add_extensions(x509_req, extensions)
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 8e361fa..b387b9e 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -720,6 +720,8 @@
)
elif oid == x509.OID_BASIC_CONSTRAINTS:
value = _decode_basic_constraints(self._backend, ext)
+ elif oid == x509.OID_SUBJECT_ALTERNATIVE_NAME:
+ value = _decode_subject_alt_name(self._backend, ext)
elif critical:
raise x509.UnsupportedExtension(
"{0} is not currently supported".format(oid), oid