commit f54a50bc6cdb215c2cc7d6fb4ca524e109f0411c
author Paul Kehrer <paul.l.kehrer@gmail.com> Wed Jun 17 18:31:26 2015 -0600
committer Paul Kehrer <paul.l.kehrer@gmail.com> Wed Jun 17 18:31:26 2015 -0600
tree 5c489ea695164dfc76c577bec246103dd3a90642
parent b0e8ffac859b20512428321b685346685af2c0c7

support OCSPNoCheck in the OpenSSL backend

src/cryptography/hazmat/backends/openssl/x509.py

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index f46dd1b..a836e6a 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -288,6 +288,8 @@
                 value = _decode_certificate_policies(self._backend, ext)
             elif oid == x509.OID_CRL_DISTRIBUTION_POINTS:
                 value = _decode_crl_distribution_points(self._backend, ext)
+            elif oid == x509.OID_OCSP_NO_CHECK:
+                value = x509.OCSPNoCheck()
             elif critical:
                 raise x509.UnsupportedExtension(
                     "{0} is not currently supported".format(oid), oid

tests/test_x509_ext.py

diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index d836164..c906f1e 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -2395,6 +2395,23 @@
         ])
 
 
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestOCSPNoCheckExtension(object):
+    def test_nocheck(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "ocsp_nocheck.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        ext = cert.extensions.get_extension_for_oid(
+            x509.OID_OCSP_NO_CHECK
+        )
+        assert isinstance(ext.value, x509.OCSPNoCheck)
+
+
 class TestInhibitAnyPolicy(object):
     def test_not_int(self):
         with pytest.raises(TypeError):