Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / d5f718c19c09f529ff34b319a1e2e0e7f1862a9a^! / .
commitd5f718c19c09f529ff34b319a1e2e0e7f1862a9a[log] [tgz]
authorAlex Gaynor <alex.gaynor@gmail.com>Sun Jul 05 11:19:38 2015 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>Sun Jul 05 11:19:38 2015 -0400
treee96284a62f24d00ef19c02e219f196fdc607b203
parent230989fe958bedbe4be3aef3761d452f28bb45ea [diff]
Organize code a bit better

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index f05b051..753cb50 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py

@@ -139,20 +139,25 @@
 def _encode_subject_alt_name(backend, san):
     general_names = backend._lib.GENERAL_NAMES_new()
     assert general_names != backend._ffi.NULL
-    # TODO: GC
+    general_names = backend._ffi.gc(
+        general_names, backend._lib.GENERAL_NAMES_free
+    )
 
     for alt_name in san:
-        assert isinstance(alt_name, x509.DNSName)
         gn = backend._lib.GENERAL_NAME_new()
         assert gn != backend._ffi.NULL
-        gn.type = backend._lib.GEN_DNS
-        ia5 = backend._lib.ASN1_IA5STRING_new()
-        assert ia5 != backend._ffi.NULL
-        gn.d.dNSName = ia5
-        # TODO: idna
-        value = alt_name.value.encode("ascii")
-        res = backend._lib.ASN1_STRING_set(gn.d.dNSName, value, len(value))
-        assert res == 1
+        # TODO: GC?
+        if isinstance(alt_name, x509.DNSName):
+            gn.type = backend._lib.GEN_DNS
+            ia5 = backend._lib.ASN1_IA5STRING_new()
+            assert ia5 != backend._ffi.NULL
+            # TODO: idna
+            value = alt_name.value.encode("ascii")
+            res = backend._lib.ASN1_STRING_set(ia5, value, len(value))
+            assert res == 1
+            gn.d.dNSName = ia5
+        else:
+            raise NotImplementedError("Only DNSNames are supported right now")
 
         res = backend._lib.sk_GENERAL_NAME_push(general_names, gn)
         assert res == 1

diff --git a/tests/test_x509.py b/tests/test_x509.py
index 3975d5b..6cc0fc4 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py

@@ -935,6 +935,24 @@
             x509.DNSName(u"google.com"),
         ]
 
+    def test_subject_alt_name_unsupported_general_name(self, backend):
+        private_key = RSA_KEY_2048.private_key(backend)
+
+        builder = x509.CertificateSigningRequestBuilder().subject_name(
+            x509.Name([
+                x509.NameAttribute(x509.OID_COMMON_NAME, u"SAN"),
+            ])
+        ).add_extension(
+            x509.SubjectAlternativeName([
+                x509.RFC822Name(u"test@example.com"),
+            ]),
+            critical=False,
+        )
+
+        with pytest.raises(NotImplementedError):
+            builder.sign(private_key, hashes.SHA256(), backend)
+
+
 
 @pytest.mark.requires_backend_interface(interface=DSABackend)
 @pytest.mark.requires_backend_interface(interface=X509Backend)