author | David Benjamin <davidben@google.com> | 2020-06-24 17:14:16 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-24 17:14:16 -0400 |
commit | 6b79947fa3ce38795de4fc16db3095f3216935ca (patch) | |
tree | 1c425366baa582d3e2d8ac069b18ca57d2f9806a /tests/test_crypto.py | |
parent | 2dca7a75eef7c931abbbb6b9a87b1659db5ae6c8 (diff) | |
download | pyopenssl-git-6b79947fa3ce38795de4fc16db3095f3216935ca.tar.gz |
Fix generated test X.509 certificates. (#917)
From RFC 5280, section 4.1.2.9:
[Extensions] MUST only appear if the version is 3 (Section 4.1.2.1).
If present, this field is a SEQUENCE of one or more certificate
extensions. The format and content of certificate extensions in the
Internet PKI are defined in Section 4.2.
X509 objects default to v1, so the test certs need a set_version(2) call. (Note
v3 is encoded as 2.)
Diffstat (limited to 'tests/test_crypto.py')
-rw-r--r-- | tests/test_crypto.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 34a9d6e..2a0c967 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -1729,6 +1729,9 @@ WpOdIpB8KksUTCzV591Nr1wd
 def _extcert(self, pkey, extensions):
 cert = X509()
+ # Certificates with extensions must be X.509v3, which is encoded with a
+ # version of two.
+ cert.set_version(2)
 cert.set_pubkey(pkey)
 cert.get_subject().commonName = "Unit Tests"
 cert.get_issuer().commonName = "Unit Tests" |
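Review bot: The new comment in `_extcert` states the v3 requirement but not its source, so the RFC reference survives only in the commit message. Consider `# RFC 5280 section 4.1.2.9: extensions MUST only appear in v3 certificates; set_version() takes the encoded value, so v3 is 2.` in its place. The body of `_extcert` continues outside the hunk, and the rest of the file is not shown. If any other helper there builds an `X509()` with extensions on the default v1, it would presumably need the same call, since a parser that enforces the RFC rule would likely reject those certificates too.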