Merge pull request #433 from reaperhulk/opaque-x509-ext

treat x509 extension objects as opaque pointers
author: Alex Gaynor <alex.gaynor@gmail.com> 2016-03-11 11:18:38 -0500
committer: Alex Gaynor <alex.gaynor@gmail.com> 2016-03-11 11:18:38 -0500
commit: 61630a000b91c9a2b6ac743d5ae2172981dc18cb (patch)
tree: 054fae66ea540724c255c255a36b01392299c0f6
parent: e600de620fb6fb1ad6098ad50e866ed60b201fc0 (diff)
parent: 2c605ba25ec9f0288ce94a424688a9b6c99b584f (diff)
download: pyopenssl-61630a000b91c9a2b6ac743d5ae2172981dc18cb.tar.gz
2 files changed, 76 insertions, 7 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index b2b858e..ce32f93 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -697,7 +697,9 @@ class X509Extension(object):
 
     @property
     def _nid(self):
-        return _lib.OBJ_obj2nid(self._extension.object)
+        return _lib.OBJ_obj2nid(
+            _lib.X509_EXTENSION_get_object(self._extension)
+        )
 
     _prefixes = {
         _lib.GEN_EMAIL: "email",
@@ -710,8 +712,9 @@ class X509Extension(object):
         if method == _ffi.NULL:
             # TODO: This is untested.
             _raise_current_error()
-        payload = self._extension.value.data
-        length = self._extension.value.length
+        ext_data = _lib.X509_EXTENSION_get_data(self._extension)
+        payload = ext_data.data
+        length = ext_data.length
 
         payloadptr = _ffi.new("unsigned char**")
         payloadptr[0] = payload
@@ -1784,7 +1787,8 @@ class Revoked(object):
         stack = self._revoked.extensions
         for i in range(_lib.sk_X509_EXTENSION_num(stack)):
             ext = _lib.sk_X509_EXTENSION_value(stack, i)
-            if _lib.OBJ_obj2nid(ext.object) == _lib.NID_crl_reason:
+            obj = _lib.X509_EXTENSION_get_object(ext)
+            if _lib.OBJ_obj2nid(obj) == _lib.NID_crl_reason:
                 _lib.X509_EXTENSION_free(ext)
                 _lib.sk_X509_EXTENSION_delete(stack, i)
                 break
@@ -1847,13 +1851,14 @@ class Revoked(object):
         extensions = self._revoked.extensions
         for i in range(_lib.sk_X509_EXTENSION_num(extensions)):
             ext = _lib.sk_X509_EXTENSION_value(extensions, i)
-            if _lib.OBJ_obj2nid(ext.object) == _lib.NID_crl_reason:
+            obj = _lib.X509_EXTENSION_get_object(ext)
+            if _lib.OBJ_obj2nid(obj) == _lib.NID_crl_reason:
                 bio = _new_mem_buf()
 
                 print_result = _lib.X509V3_EXT_print(bio, ext, 0, 0)
                 if not print_result:
                     print_result = _lib.M_ASN1_OCTET_STRING_print(
-                        bio, ext.value
+                        bio, _lib.X509_EXTENSION_get_data(ext)
                     )
                     if print_result == 0:
                         # TODO: This is untested.
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index a344f1c..136af0a 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -375,6 +375,45 @@ vrzEeLDRiiPl92dyyWmu
 -----END X509 CRL-----
 """)
 
+crlDataUnsupportedExtension = b("""\
+-----BEGIN X509 CRL-----
+MIIGRzCCBS8CAQIwDQYJKoZIhvcNAQELBQAwJzELMAkGA1UEBhMCVVMxGDAWBgNV
+BAMMD2NyeXB0b2dyYXBoeS5pbxgPMjAxNTAxMDEwMDAwMDBaGA8yMDE2MDEwMTAw
+MDAwMFowggTOMBQCAQAYDzIwMTUwMTAxMDAwMDAwWjByAgEBGA8yMDE1MDEwMTAw
+MDAwMFowXDAYBgNVHRgEERgPMjAxNTAxMDEwMDAwMDBaMDQGA1UdHQQtMCukKTAn
+MQswCQYDVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQD
+CgEAMHICAQIYDzIwMTUwMTAxMDAwMDAwWjBcMBgGA1UdGAQRGA8yMDE1MDEwMTAw
+MDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJBgNVBAYTAlVTMRgwFgYDVQQDDA9jcnlw
+dG9ncmFwaHkuaW8wCgYDVR0VBAMKAQEwcgIBAxgPMjAxNTAxMDEwMDAwMDBaMFww
+GAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAwWjA0BgNVHR0ELTArpCkwJzELMAkGA1UE
+BhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeS5pbzAKBgNVHRUEAwoBAjByAgEE
+GA8yMDE1MDEwMTAwMDAwMFowXDAYBgNVHRgEERgPMjAxNTAxMDEwMDAwMDBaMDQG
+A1UdHQQtMCukKTAnMQswCQYDVQQGEwJVUzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5
+LmlvMAoGA1UdFQQDCgEDMHICAQUYDzIwMTUwMTAxMDAwMDAwWjBcMBgGA1UdGAQR
+GA8yMDE1MDEwMTAwMDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJBgNVBAYTAlVTMRgw
+FgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wCgYDVR0VBAMKAQQwcgIBBhgPMjAxNTAx
+MDEwMDAwMDBaMFwwGAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAwWjA0BgNVHR0ELTAr
+pCkwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dyYXBoeS5pbzAKBgNV
+HRUEAwoBBTByAgEHGA8yMDE1MDEwMTAwMDAwMFowXDAYBgNVHRgEERgPMjAxNTAx
+MDEwMDAwMDBaMDQGA1UdHQQtMCukKTAnMQswCQYDVQQGEwJVUzEYMBYGA1UEAwwP
+Y3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQDCgEGMHICAQgYDzIwMTUwMTAxMDAwMDAw
+WjBcMBgGA1UdGAQRGA8yMDE1MDEwMTAwMDAwMFowNAYDVR0dBC0wK6QpMCcxCzAJ
+BgNVBAYTAlVTMRgwFgYDVQQDDA9jcnlwdG9ncmFwaHkuaW8wCgYDVR0VBAMKAQgw
+cgIBCRgPMjAxNTAxMDEwMDAwMDBaMFwwGAYDVR0YBBEYDzIwMTUwMTAxMDAwMDAw
+WjA0BgNVHR0ELTArpCkwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD2NyeXB0b2dy
+YXBoeS5pbzAKBgNVHRUEAwoBCTByAgEKGA8yMDE1MDEwMTAwMDAwMFowXDAYBgNV
+HRgEERgPMjAxNTAxMDEwMDAwMDBaMDQGA1UdHQQtMCukKTAnMQswCQYDVQQGEwJV
+UzEYMBYGA1UEAwwPY3J5cHRvZ3JhcGh5LmlvMAoGA1UdFQQDCgEKMC4CAQsYDzIw
+MTUwMTAxMDAwMDAwWjAYMAoGA1UdFQQDCgEBMAoGAyoDBAQDCgEAMA0GCSqGSIb3
+DQEBCwUAA4IBAQBTaloHlPaCZzYee8LxkWej5meiqxQVNWFoVdjesroa+f1FRrH+
+drRU60Nq97KCKf7f9GNN/J3ZIlQmYhmuDqh12f+XLpotoj1ZRfBz2hjFCkJlv+2c
+oWWGNHgA70ndFoVtcmX088SYpX8E3ARATivS4q2h9WlwV6rO93mhg3HGIe3JpcK4
+7BcW6Poi/ut/zsDOkVbI00SqaujRpdmdCTht82MH3ztjyDkI9KYaD/YEweKSrWOz
+SdEILd164bfBeLuplVI+xpmTEMVNpXBlSXl7+xIw9Vk7p7Q1Pa3k/SvhOldYCm6y
+C1xAg/AAq6w78yzYt18j5Mj0s6eeHi1YpHKw
+-----END X509 CRL-----
+""")
+
 
 # A broken RSA private key which can be used to test the error path through
 # PKey.check.
@@ -2933,9 +2972,34 @@ class NetscapeSPKITests(TestCase, _PKeyInteractionTestsMixin):
         self.assertTrue(isinstance(blob, binary_type))
 
 
+class TestRevoked(object):
+    """
+    Please add test cases for the Revoked class here if possible. This class
+    holds the new py.test style tests.
+    """
+    def test_ignores_unsupported_revoked_cert_extension_get_reason(self):
+        """
+        The get_reason method on the Revoked class checks to see if the
+        extension is NID_crl_reason and should skip it otherwise. This test
+        loads a CRL with extensions it should ignore.
+        """
+        crl = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension)
+        revoked = crl.get_revoked()
+        reason = revoked[1].get_reason()
+        assert reason == b'Unspecified'
+
+    def test_ignores_unsupported_revoked_cert_extension_set_new_reason(self):
+        crl = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension)
+        revoked = crl.get_revoked()
+        revoked[1].set_reason(None)
+        reason = revoked[1].get_reason()
+        assert reason is None
+
+
 class RevokedTests(TestCase):
     """
-    Tests for :py:obj:`OpenSSL.crypto.Revoked`
+    Tests for :py:obj:`OpenSSL.crypto.Revoked`. Please add test cases to
+    TestRevoked above if possible.
     """
 
     def test_construction(self):
author	Alex Gaynor <alex.gaynor@gmail.com>	2016-03-11 11:18:38 -0500
committer	Alex Gaynor <alex.gaynor@gmail.com>	2016-03-11 11:18:38 -0500
commit	61630a000b91c9a2b6ac743d5ae2172981dc18cb (patch)
tree	054fae66ea540724c255c255a36b01392299c0f6
parent	e600de620fb6fb1ad6098ad50e866ed60b201fc0 (diff)
parent	2c605ba25ec9f0288ce94a424688a9b6c99b584f (diff)
download	pyopenssl-61630a000b91c9a2b6ac743d5ae2172981dc18cb.tar.gz