add a check to require that the list passed to SAN is all general names

commit: d04b39b253916223e9dd99831586822a4f9a2fc1 [log] [tgz]
author: Paul Kehrer <paul.l.kehrer@gmail.com> Tue Apr 21 08:44:17 2015 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> Tue Apr 21 08:44:17 2015 -0500
tree: cf057817a98a2f2df5bffcb8c66d0214272a51d5
parent: bd11e028dcf763171097f5366f87f95ad0371a03 [diff]
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index cdc0e43..898ab6c 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py

@@ -542,6 +542,12 @@
 
 class SubjectAlternativeName(object):
     def __init__(self, general_names):
+        if not all(isinstance(x, GeneralName) for x in general_names):
+            raise TypeError(
+                "Every item in the general_names list must be an "
+                "object conforming to the GeneralName interface"
+            )
+
         self._general_names = general_names
 
     def __iter__(self):

diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 8516a33..45d309d 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py

@@ -721,6 +721,12 @@
             x509.DNSName(six.u("crypto.local")),
         ]
 
+    def test_invalid_general_names(self):
+        with pytest.raises(TypeError):
+            x509.SubjectAlternativeName(
+                [x509.DNSName(six.u("cryptography.io")), "invalid"]
+            )
+
     def test_repr(self):
         san = x509.SubjectAlternativeName(
             [
commit	d04b39b253916223e9dd99831586822a4f9a2fc1	[log] [tgz]
author	Paul Kehrer <paul.l.kehrer@gmail.com>	Tue Apr 21 08:44:17 2015 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	Tue Apr 21 08:44:17 2015 -0500
tree	cf057817a98a2f2df5bffcb8c66d0214272a51d5
parent	bd11e028dcf763171097f5366f87f95ad0371a03 [diff]