author | Alex Gaynor <alex.gaynor@gmail.com> | 2016-03-11 11:18:38 -0500 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-03-11 11:18:38 -0500 |
commit | 61630a000b91c9a2b6ac743d5ae2172981dc18cb (patch) | |
tree | 054fae66ea540724c255c255a36b01392299c0f6 | |
parent | e600de620fb6fb1ad6098ad50e866ed60b201fc0 (diff) | |
parent | 2c605ba25ec9f0288ce94a424688a9b6c99b584f (diff) | |
Merge pull request #433 from reaperhulk/opaque-x509-ext
treat x509 extension objects as opaque pointers
-rw-r--r-- | src/OpenSSL/crypto.py | 17 | ||||
-rw-r--r-- | tests/test_crypto.py | 66 |
2 files changed, 76 insertions, 7 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index b2b858e..ce32f93 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -697,7 +697,9 @@ class X509Extension(object):
 @property
 def _nid(self):
- return _lib.OBJ_obj2nid(self._extension.object)
+ return _lib.OBJ_obj2nid(
+ _lib.X509_EXTENSION_get_object(self._extension)
+ )
 _prefixes = {
 _lib.GEN_EMAIL: "email",
@@ -710,8 +712,9 @@ class X509Extension(object):
 if method == _ffi.NULL:
 # TODO: This is untested.
 _raise_current_error()
- payload = self._extension.value.data
- length = self._extension.value.length
+ ext_data = _lib.X509_EXTENSION_get_data(self._extension)
+ payload = ext_data.data
+ length = ext_data.length
 payloadptr = _ffi.new("unsigned char**")
 payloadptr[0] = payload
@@ -1784,7 +1787,8 @@ class Revoked(object):
 stack = self._revoked.extensions
 for i in range(_lib.sk_X509_EXTENSION_num(stack)):
 ext = _lib.sk_X509_EXTENSION_value(stack, i)
- if _lib.OBJ_obj2nid(ext.object) == _lib.NID_crl_reason:
+ obj = _lib.X509_EXTENSION_get_object(ext)
+ if _lib.OBJ_obj2nid(obj) == _lib.NID_crl_reason:
 _lib.X509_EXTENSION_free(ext)
 _lib.sk_X509_EXTENSION_delete(stack, i)
 break
@@ -1847,13 +1851,14 @@ class Revoked(object):
 extensions = self._revoked.extensions
 for i in range(_lib.sk_X509_EXTENSION_num(extensions)):
 ext = _lib.sk_X509_EXTENSION_value(extensions, i)
- if _lib.OBJ_obj2nid(ext.object) == _lib.NID_crl_reason:
+ obj = _lib.X509_EXTENSION_get_object(ext)
+ if _lib.OBJ_obj2nid(obj) == _lib.NID_crl_reason:
 bio = _new_mem_buf()
 print_result = _lib.X509V3_EXT_print(bio, ext, 0, 0)
 if not print_result:
 print_result = _lib.M_ASN1_OCTET_STRING_print(
- bio, ext.value
+ bio, _lib.X509_EXTENSION_get_data(ext)
 )
 if print_result == 0:
 # TODO: This is untested.
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index a344f1c..136af0a 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
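Review bot: In the `-710,8` hunk, `ext_data.data` and `ext_data.length` still read the ASN1_OCTET_STRING fields directly, and both Revoked hunks keep `self._revoked.extensions` as a direct field read, so the code still depends on struct layouts other than X509_EXTENSION. If the bindings expose them, `payload = _lib.ASN1_STRING_data(ext_data)` and `length = _lib.ASN1_STRING_length(ext_data)` (possibly after a cast to `ASN1_STRING*`) would keep that path on accessors, and `X509_REVOKED_get_ext_count` / `X509_REVOKED_get_ext` / `X509_REVOKED_delete_ext` would do the same for the two loops. A wrong layout assumption here means a pointer and a length taken from the wrong offsets while handling certificate or CRL content that may come from an untrusted source, so it is worth finishing in this change or tracking explicitly. The enclosing methods all start and end outside their hunks, so how `payload` and `length` are consumed is not visible here.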
@@ -375,6 +375,45 @@ vrzEeLDRiiPl92dyyWmu
 -----END X509 CRL-----
 """)
+crlDataUnsupportedExtension = b("""\
+-----BEGIN X509 CRL-----
+MIIGRzCCBS8CAQIwDQYJKoZIhvcNAQELBQAwJzELMAkGA1UEBhMCVVMxGDAWBgNV
+BAMMD2NyeXB0b2dyYXBoeS5pbxgPMjAxNTAxMDEwMDAwMDBaGA8yMDE2MDEwMTAw
+MDAwMFowggTOMBQCAQAYDzIwMTUwMTAxMDAwMDAwWjByAgEBGA8yMDE1MDEwMTAw
+MDAwMFowXDAYBgNVHRgEERgPMjAxNTAxMDEwMDAwMDBaMDQGA1UdHQQtMCukKTAn
+MQswCQYDVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQD
+CgEAMHICAQIYDzIwMTUwMTAxMDAwMDAwWjBcMBgGA1UdGAQRGA8yMDE1MDEwMTAw
+MDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJBgNVBAYTAlVTMRgwFgYDVQQDDA9jcnlw
+dG9ncmFwaHkuaW8wCgYDVR0VBAMKAQEwcgIBAxgPMjAxNTAxMDEwMDAwMDBaMFww
+GAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAwWjA0BgNVHR0ELTArpCkwJzELMAkGA1UE
+BhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeS5pbzAKBgNVHRUEAwoBAjByAgEE
+GA8yMDE1MDEwMTAwMDAwMFowXDAYBgNVHRgEERgPMjAxNTAxMDEwMDAwMDBaMDQG
+A1UdHQQtMCukKTAnMQswCQYDVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5
+LmlvMAoGA1UdFQQDCgEDMHICAQUYDzIwMTUwMTAxMDAwMDAwWjBcMBgGA1UdGAQR
+GA8yMDE1MDEwMTAwMDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJBgNVBAYTAlVTMRgw
+FgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wCgYDVR0VBAMKAQQwcgIBBhgPMjAxNTAx
+MDEwMDAwMDBaMFwwGAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAwWjA0BgNVHR0ELTAr
+pCkwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeS5pbzAKBgNV
+HRUEAwoBBTByAgEHGA8yMDE1MDEwMTAwMDAwMFowXDAYBgNVHRgEERgPMjAxNTAx
+MDEwMDAwMDBaMDQGA1UdHQQtMCukKTAnMQswCQYDVQQGEwJVUzEYMBYGA1UEAwwP
+Y3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQDCgEGMHICAQgYDzIwMTUwMTAxMDAwMDAw
+WjBcMBgGA1UdGAQRGA8yMDE1MDEwMTAwMDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJ
+BgNVBAYTAlVTMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wCgYDVR0VBAMKAQgw
+cgIBCRgPMjAxNTAxMDEwMDAwMDBaMFwwGAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAw
+WjA0BgNVHR0ELTArpCkwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dy
+YXBoeS5pbzAKBgNVHRUEAwoBCTByAgEKGA8yMDE1MDEwMTAwMDAwMFowXDAYBgNV
+HRgEERgPMjAxNTAxMDEwMDAwMDBaMDQGA1UdHQQtMCukKTAnMQswCQYDVQQGEwJV
+UzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQDCgEKMC4CAQsYDzIw
+MTUwMTAxMDAwMDAwWjAYMAoGA1UdFQQDCgEBMAoGAyoDBAQDCgEAMA0GCSqGSIb3
+DQEBCwUAA4IBAQBTaloHlPaCZzYee8LxkWej5meiqxQVNWFoVdjesroa+f1FRrH+
+drRU60Nq97KCKf7f9GNN/J3ZIlQmYhmuDqh12f+XLpotoj1ZRfBz2hjFCkJlv+2c
+oWWGNHgA70ndFoVtcmX088SYpX8E3ARATivS4q2h9WlwV6rO93mhg3HGIe3JpcK4
+7BcW6Poi/ut/zsDOkVbI00SqaujRpdmdCTht82MH3ztjyDkI9KYaD/YEweKSrWOz
+SdEILd164bfBeLuplVI+xpmTEMVNpXBlSXl7+xIw9Vk7p7Q1Pa3k/SvhOldYCm6y
+C1xAg/AAq6w78yzYt18j5Mj0s6eeHi1YpHKw
+-----END X509 CRL-----
+""")
+
 # A broken RSA private key which can be used to test the error path through
 # PKey.check.
@@ -2933,9 +2972,34 @@ class NetscapeSPKITests(TestCase, _PKeyInteractionTestsMixin):
 self.assertTrue(isinstance(blob, binary_type))
+class TestRevoked(object):
+ """
+ Please add test cases for the Revoked class here if possible. This class
+ holds the new py.test style tests.
+ """
+ def test_ignores_unsupported_revoked_cert_extension_get_reason(self):
+ """
+ The get_reason method on the Revoked class checks to see if the
+ extension is NID_crl_reason and should skip it otherwise. This test
+ loads a CRL with extensions it should ignore.
+ """
+ crl = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension)
+ revoked = crl.get_revoked()
+ reason = revoked[1].get_reason()
+ assert reason == b'Unspecified'
+
+ def test_ignores_unsupported_revoked_cert_extension_set_new_reason(self):
+ crl = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension)
+ revoked = crl.get_revoked()
+ revoked[1].set_reason(None)
+ reason = revoked[1].get_reason()
+ assert reason is None
+
+
 class RevokedTests(TestCase):
 """
- Tests for :py:obj:`OpenSSL.crypto.Revoked`
+ Tests for :py:obj:`OpenSSL.crypto.Revoked`. Please add test cases to
+ TestRevoked above if possible.
 """
 def test_construction(self): |
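Review bot: `test_ignores_unsupported_revoked_cert_extension_set_new_reason` has no docstring, unlike the test above it, and both tests index `revoked[1]` without saying which fixture entry that is or which extensions it is expected to carry. A docstring such as `"""set_reason(None) on an entry that also carries other extensions clears the reason, so get_reason() returns None."""` plus a one-line comment on the index would make the intent checkable. The second test only asserts that the reason is gone; it does not confirm that the entry's remaining extensions are still present after the delete, which is presumably the property the skip logic is meant to protect.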