author David Benjamin <davidben@google.com> 2020-06-24 17:14:16 -0400
committer GitHub <noreply@github.com> 2020-06-24 17:14:16 -0400
commit 6b79947fa3ce38795de4fc16db3095f3216935ca
tree 1c425366baa582d3e2d8ac069b18ca57d2f9806a /tests/test_crypto.py
parent 2dca7a75eef7c931abbbb6b9a87b1659db5ae6c8
Fix generated test X.509 certificates. (#917)

From RFC 5280, section 4.1.2.9:

    [Extensions] MUST only appear if the version is 3 (Section 4.1.2.1).
    If present, this field is a SEQUENCE of one or more certificate
    extensions. The format and content of certificate extensions in the
    Internet PKI are defined in Section 4.2.

X509 objects default to v1, so the test certs need a set_version(2) call. (Note v3 is encoded as 2.)

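The RFC 5280 rule quoted in the commit message above can be checked directly on the DER bytes. The following is an added example, not part of the commit or of pyOpenSSL: it walks a TBSCertificate and reports whether extensions appear without the version being v3. The function names and the sample bytes are constructed for illustration; the sample is a skeleton with correct tags and empty placeholder fields, not a valid certificate.

```python
# Added example. Tag values follow the RFC 5280 TBSCertificate layout.
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out


def check_tbs(tbs_der):
    """Return (encoded_version, has_extensions, compliant) for a TBSCertificate."""
    tag, body, _ = read_tlv(tbs_der)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    fields = children(body)
    version = 0  # [0] absent means DEFAULT v1, which is encoded as 0
    if fields and fields[0][0] == 0xA0:  # [0] EXPLICIT Version
        version = int.from_bytes(read_tlv(fields[0][1])[1], "big")
    has_ext = any(t == 0xA3 for t, _ in fields)  # [3] EXPLICIT Extensions
    return version, has_ext, (not has_ext) or version == 2


def tlv(tag, value):
    """Encode one short-form DER element (enough for the sample below)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value


def sample_tbs(version=None, with_ext=True):
    """Constructed TBSCertificate skeleton: correct tags, empty placeholder fields."""
    parts = [] if version is None else [tlv(0xA0, tlv(0x02, bytes([version])))]
    parts.append(tlv(0x02, b"\x01"))  # serialNumber
    parts += [tlv(0x30, b"")] * 5  # signature, issuer, validity, subject, SPKI
    if with_ext:
        parts.append(tlv(0xA3, tlv(0x30, tlv(0x30, b""))))  # one empty Extension
    return tlv(0x30, b"".join(parts))
```

For a full certificate, the TBSCertificate is the first element inside the outer Certificate SEQUENCE, so pass `children(read_tlv(cert_der)[1])`'s first element re-encoded, or slice it out of the original bytes.
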
Diffstat (limited to 'tests/test_crypto.py')
-rw-r--r-- tests/test_crypto.py 3
1 files changed, 3 insertions, 0 deletions
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 34a9d6e..2a0c967 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -1729,6 +1729,9 @@ WpOdIpB8KksUTCzV591Nr1wd
def _extcert(self, pkey, extensions):
cert = X509()
+ # Certificates with extensions must be X.509v3, which is encoded with a
+ # version of two.
+ cert.set_version(2)
cert.set_pubkey(pkey)
cert.get_subject().commonName = "Unit Tests"
cert.get_issuer().commonName = "Unit Tests"
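
Review bot: nothing in the lines shown checks the value that `cert.set_version(2)` sets in `_extcert`, so a later edit to the helper could go back to emitting v1 certificates with extensions without any test noticing. Consider asserting `cert.get_version() == 2` in a test that uses this helper, and naming RFC 5280 section 4.1.2.9 in the new comment so the reason for the literal 2 stays next to the code rather than only in the commit message.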