Fixed #2067 -- raise an error if a CSRbuilder doesn't hav a subject
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 78de79d..e27fb6e 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -833,7 +833,7 @@
# Set subject name.
res = self._lib.X509_REQ_set_subject_name(
- x509_req, _encode_name(self, list(builder._subject_name))
+ x509_req, _encode_name(self, builder._subject_name)
)
assert res == 1
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 0f72abb..668bc2e 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1486,4 +1486,6 @@
"""
Signs the request using the requestor's private key.
"""
+ if self._subject_name is None:
+ raise ValueError("A CertificateSigningRequest must have a subject")
return backend.create_x509_csr(self, private_key, algorithm)
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 08dae0c..131954c 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -687,11 +687,21 @@
def test_sign_invalid_hash_algorithm(self, backend):
private_key = RSA_KEY_2048.private_key(backend)
- builder = x509.CertificateSigningRequestBuilder()
+ builder = x509.CertificateSigningRequestBuilder().subject_name(
+ x509.Name([])
+ )
with pytest.raises(TypeError):
builder.sign(private_key, 'NotAHash', backend)
@pytest.mark.requires_backend_interface(interface=RSABackend)
+ def test_no_subject_name(self, backend):
+ private_key = RSA_KEY_2048.private_key(backend)
+
+ builder = x509.CertificateSigningRequestBuilder()
+ with pytest.raises(ValueError):
+ builder.sign(private_key, hashes.SHA256(), backend)
+
+ @pytest.mark.requires_backend_interface(interface=RSABackend)
def test_build_ca_request_with_rsa(self, backend):
private_key = RSA_KEY_2048.private_key(backend)