Merge pull request #433 from reaperhulk/opaque-x509-ext
treat x509 extension objects as opaque pointers
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index b2b858e..ce32f93 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -697,7 +697,9 @@
@property
def _nid(self):
- return _lib.OBJ_obj2nid(self._extension.object)
+ return _lib.OBJ_obj2nid(
+ _lib.X509_EXTENSION_get_object(self._extension)
+ )
_prefixes = {
_lib.GEN_EMAIL: "email",
@@ -710,8 +712,9 @@
if method == _ffi.NULL:
# TODO: This is untested.
_raise_current_error()
- payload = self._extension.value.data
- length = self._extension.value.length
+ ext_data = _lib.X509_EXTENSION_get_data(self._extension)
+ payload = ext_data.data
+ length = ext_data.length
payloadptr = _ffi.new("unsigned char**")
payloadptr[0] = payload
@@ -1784,7 +1787,8 @@
stack = self._revoked.extensions
for i in range(_lib.sk_X509_EXTENSION_num(stack)):
ext = _lib.sk_X509_EXTENSION_value(stack, i)
- if _lib.OBJ_obj2nid(ext.object) == _lib.NID_crl_reason:
+ obj = _lib.X509_EXTENSION_get_object(ext)
+ if _lib.OBJ_obj2nid(obj) == _lib.NID_crl_reason:
_lib.X509_EXTENSION_free(ext)
_lib.sk_X509_EXTENSION_delete(stack, i)
break
@@ -1847,13 +1851,14 @@
extensions = self._revoked.extensions
for i in range(_lib.sk_X509_EXTENSION_num(extensions)):
ext = _lib.sk_X509_EXTENSION_value(extensions, i)
- if _lib.OBJ_obj2nid(ext.object) == _lib.NID_crl_reason:
+ obj = _lib.X509_EXTENSION_get_object(ext)
+ if _lib.OBJ_obj2nid(obj) == _lib.NID_crl_reason:
bio = _new_mem_buf()
print_result = _lib.X509V3_EXT_print(bio, ext, 0, 0)
if not print_result:
print_result = _lib.M_ASN1_OCTET_STRING_print(
- bio, ext.value
+ bio, _lib.X509_EXTENSION_get_data(ext)
)
if print_result == 0:
# TODO: This is untested.
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index a344f1c..136af0a 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -375,6 +375,45 @@
-----END X509 CRL-----
""")
+crlDataUnsupportedExtension = b("""\
+-----BEGIN X509 CRL-----
+MIIGRzCCBS8CAQIwDQYJKoZIhvcNAQELBQAwJzELMAkGA1UEBhMCVVMxGDAWBgNV
+BAMMD2NyeXB0b2dyYXBoeS5pbxgPMjAxNTAxMDEwMDAwMDBaGA8yMDE2MDEwMTAw
+MDAwMFowggTOMBQCAQAYDzIwMTUwMTAxMDAwMDAwWjByAgEBGA8yMDE1MDEwMTAw
+MDAwMFowXDAYBgNVHRgEERgPMjAxNTAxMDEwMDAwMDBaMDQGA1UdHQQtMCukKTAn
+MQswCQYDVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQD
+CgEAMHICAQIYDzIwMTUwMTAxMDAwMDAwWjBcMBgGA1UdGAQRGA8yMDE1MDEwMTAw
+MDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJBgNVBAYTAlVTMRgwFgYDVQQDDA9jcnlw
+dG9ncmFwaHkuaW8wCgYDVR0VBAMKAQEwcgIBAxgPMjAxNTAxMDEwMDAwMDBaMFww
+GAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAwWjA0BgNVHR0ELTArpCkwJzELMAkGA1UE
+BhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeS5pbzAKBgNVHRUEAwoBAjByAgEE
+GA8yMDE1MDEwMTAwMDAwMFowXDAYBgNVHRgEERgPMjAxNTAxMDEwMDAwMDBaMDQG
+A1UdHQQtMCukKTAnMQswCQYDVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5
+LmlvMAoGA1UdFQQDCgEDMHICAQUYDzIwMTUwMTAxMDAwMDAwWjBcMBgGA1UdGAQR
+GA8yMDE1MDEwMTAwMDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJBgNVBAYTAlVTMRgw
+FgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wCgYDVR0VBAMKAQQwcgIBBhgPMjAxNTAx
+MDEwMDAwMDBaMFwwGAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAwWjA0BgNVHR0ELTAr
+pCkwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeS5pbzAKBgNV
+HRUEAwoBBTByAgEHGA8yMDE1MDEwMTAwMDAwMFowXDAYBgNVHRgEERgPMjAxNTAx
+MDEwMDAwMDBaMDQGA1UdHQQtMCukKTAnMQswCQYDVQQGEwJVUzEYMBYGA1UEAwwP
+Y3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQDCgEGMHICAQgYDzIwMTUwMTAxMDAwMDAw
+WjBcMBgGA1UdGAQRGA8yMDE1MDEwMTAwMDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJ
+BgNVBAYTAlVTMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wCgYDVR0VBAMKAQgw
+cgIBCRgPMjAxNTAxMDEwMDAwMDBaMFwwGAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAw
+WjA0BgNVHR0ELTArpCkwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dy
+YXBoeS5pbzAKBgNVHRUEAwoBCTByAgEKGA8yMDE1MDEwMTAwMDAwMFowXDAYBgNV
+HRgEERgPMjAxNTAxMDEwMDAwMDBaMDQGA1UdHQQtMCukKTAnMQswCQYDVQQGEwJV
+UzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQDCgEKMC4CAQsYDzIw
+MTUwMTAxMDAwMDAwWjAYMAoGA1UdFQQDCgEBMAoGAyoDBAQDCgEAMA0GCSqGSIb3
+DQEBCwUAA4IBAQBTaloHlPaCZzYee8LxkWej5meiqxQVNWFoVdjesroa+f1FRrH+
+drRU60Nq97KCKf7f9GNN/J3ZIlQmYhmuDqh12f+XLpotoj1ZRfBz2hjFCkJlv+2c
+oWWGNHgA70ndFoVtcmX088SYpX8E3ARATivS4q2h9WlwV6rO93mhg3HGIe3JpcK4
+7BcW6Poi/ut/zsDOkVbI00SqaujRpdmdCTht82MH3ztjyDkI9KYaD/YEweKSrWOz
+SdEILd164bfBeLuplVI+xpmTEMVNpXBlSXl7+xIw9Vk7p7Q1Pa3k/SvhOldYCm6y
+C1xAg/AAq6w78yzYt18j5Mj0s6eeHi1YpHKw
+-----END X509 CRL-----
+""")
+
# A broken RSA private key which can be used to test the error path through
# PKey.check.
@@ -2933,9 +2972,34 @@
self.assertTrue(isinstance(blob, binary_type))
+class TestRevoked(object):
+ """
+ Please add test cases for the Revoked class here if possible. This class
+ holds the new py.test style tests.
+ """
+ def test_ignores_unsupported_revoked_cert_extension_get_reason(self):
+ """
+ The get_reason method on the Revoked class checks to see if the
+ extension is NID_crl_reason and should skip it otherwise. This test
+ loads a CRL with extensions it should ignore.
+ """
+ crl = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension)
+ revoked = crl.get_revoked()
+ reason = revoked[1].get_reason()
+ assert reason == b'Unspecified'
+
+ def test_ignores_unsupported_revoked_cert_extension_set_new_reason(self):
+ crl = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension)
+ revoked = crl.get_revoked()
+ revoked[1].set_reason(None)
+ reason = revoked[1].get_reason()
+ assert reason is None
+
+
class RevokedTests(TestCase):
"""
- Tests for :py:obj:`OpenSSL.crypto.Revoked`
+ Tests for :py:obj:`OpenSSL.crypto.Revoked`. Please add test cases to
+ TestRevoked above if possible.
"""
def test_construction(self):