commit d06763d9258115b2e1199296a18d7ec773d47ac3
author Nick Bastin <nick.bastin@gmail.com> Sat Dec 12 18:32:59 2015 -0800
committer Nick Bastin <nick.bastin@gmail.com> Sun Dec 20 08:15:56 2015 -0800
tree e8ccd2edc5a226919c10f2738ef8d53d44ab0624
parent 4594773bdc8145aa599e18a2119948d061b50b13

Allow any OID for access_method, validate OIDs at creation time, fix tests.

src/cryptography/x509/extensions.py

diff --git a/src/cryptography/x509/extensions.py b/src/cryptography/x509/extensions.py
index 46ba5a2..017e098 100644
--- a/src/cryptography/x509/extensions.py
+++ b/src/cryptography/x509/extensions.py
@@ -238,11 +238,8 @@
 
 class AccessDescription(object):
     def __init__(self, access_method, access_location):
-        if not (access_method == AuthorityInformationAccessOID.OCSP or
-                access_method == AuthorityInformationAccessOID.CA_ISSUERS):
-            raise ValueError(
-                "access_method must be OID_OCSP or OID_CA_ISSUERS"
-            )
+        if not isinstance(access_method, ObjectIdentifier):
+          raise TypeError("access_method must be an ObjectIdentifier")
 
         if not isinstance(access_location, GeneralName):
             raise TypeError("access_location must be a GeneralName")

tests/test_x509_ext.py

diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 751de08..511fad6 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -1861,7 +1861,8 @@
 
 class TestAccessDescription(object):
     def test_invalid_access_method(self):
-        with pytest.raises(ValueError):
+        # access_method can be *any* valid OID
+        with pytest.raises(TypeError):
             x509.AccessDescription("notanoid", x509.DNSName(u"test"))
 
     def test_invalid_access_location(self):