Add subject and issuer parameters to X509Extension(). Fix bug in OpenSSL.test.util.failUnlessRaises().
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index 2322720..7b8bade 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -58,7 +58,7 @@
#define crypto_X509Extension_New_NUM 5
#define crypto_X509Extension_New_RETURN crypto_X509ExtensionObj *
-#define crypto_X509Extension_New_PROTO (char *, int, char *)
+#define crypto_X509Extension_New_PROTO (char *, int, char *, crypto_X509Obj *, crypto_X509Obj *)
#define crypto_PKCS7_New_NUM 6
#define crypto_PKCS7_New_RETURN crypto_PKCS7Obj *
diff --git a/src/crypto/x509ext.c b/src/crypto/x509ext.c
index cd169d2..ce3d95d 100644
--- a/src/crypto/x509ext.c
+++ b/src/crypto/x509ext.c
@@ -75,7 +75,8 @@
* Returns: The newly created X509Extension object
*/
crypto_X509ExtensionObj *
-crypto_X509Extension_New(char *type_name, int critical, char *value)
+crypto_X509Extension_New(char *type_name, int critical, char *value,
+ crypto_X509Obj *subject, crypto_X509Obj *issuer)
{
X509V3_CTX ctx;
crypto_X509ExtensionObj *self;
@@ -84,7 +85,12 @@
/* We have no configuration database - but perhaps we should. Anyhow, the
* context is necessary for any extension which uses the r2i conversion
* method. That is, X509V3_EXT_nconf may segfault if passed a NULL ctx. */
+ X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0);
X509V3_set_ctx_nodb(&ctx);
+ if(subject)
+ ctx.subject_cert = subject->x509;
+ if(issuer)
+ ctx.issuer_cert = issuer->x509;
self = PyObject_New(crypto_X509ExtensionObj, &crypto_X509Extension_Type);
@@ -137,27 +143,40 @@
}
static char crypto_X509Extension_doc[] = "\n\
-X509Extension(typename, critical, value) -> X509Extension instance\n\
+X509Extension(typename, critical, value[, subject][, issuer]) -> \n\
+ X509Extension instance\n\
\n\
@param typename: The name of the extension to create.\n\
@type typename: C{str}\n\
@param critical: A flag indicating whether this is a critical extension.\n\
@param value: The value of the extension.\n\
@type value: C{str}\n\
+@param subject: Optional X509 cert to use as subject.\n\
+@type subject: C{X509}\n\
+@param issuer: Optional X509 cert to use as issuer.\n\
+@type issuer: C{X509}\n\
@return: The X509Extension object\n\
";
static PyObject *
-crypto_X509Extension_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
+crypto_X509Extension_new(PyTypeObject *subtype, PyObject *args,
+ PyObject *kwargs) {
char *type_name, *value;
- int critical;
+ int critical = 0;
+ crypto_X509Obj * subject = NULL;
+ crypto_X509Obj * issuer = NULL;
+ static char *kwlist[] = {"type_name", "critical", "value", "subject",
+ "issuer", NULL};
- if (!PyArg_ParseTuple(args, "sis:X509Extension", &type_name, &critical,
- &value)) {
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "sis|O!O!:X509Extension",
+ kwlist, &type_name, &critical, &value,
+ &crypto_X509_Type, &subject,
+ &crypto_X509_Type, &issuer )) {
return NULL;
}
- return (PyObject *)crypto_X509Extension_New(type_name, critical, value);
+ return (PyObject *)crypto_X509Extension_New(type_name, critical, value,
+ subject, issuer);
}
/*