Fix invalid cast from ASN1_TIME to ASN1_GENERALIZEDTIME (#612)

* Fix invalid cast from ASN1_TIME to ASN1_GENERALIZEDTIME, which ends up with an error with LibreSSL. * Require cryptography >= 1.9
author: Moriyoshi Koizumi <mozo@mozo.jp> 2017-06-22 00:54:20 +0900
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2017-06-21 05:54:20 -1000
commit: 80b25efa407f15c1c21323b7e512e2e051c0f5e3 (patch)
tree: ebc8edbefa084fa95762b53e2aa9cc781896260c
parent: a40898b5f1d472f9449a344f703fa7f90cddc21d (diff)
download: pyopenssl-80b25efa407f15c1c21323b7e512e2e051c0f5e3.tar.gz
3 files changed, 5 insertions, 13 deletions
diff --git a/setup.py b/setup.py
index 97aa209..4f30804 100755
--- a/setup.py
+++ b/setup.py
@@ -96,7 +96,7 @@ if __name__ == "__main__":
         package_dir={"": "src"},
         install_requires=[
             # Fix cryptographyMinimum in tox.ini when changing this!
-            "cryptography>=1.7",
+            "cryptography>=1.9",
             "six>=1.5.2"
         ],
     )
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 3ef0e9b..3404172 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -103,7 +103,7 @@ def _set_asn1_time(boundary, when):
     """
     The the time value of an ASN1 time object.
 
-    @param boundary: An ASN1_GENERALIZEDTIME pointer (or an object safely
+    @param boundary: An ASN1_TIME pointer (or an object safely
         castable to that type) which will have its value set.
     @param when: A string representation of the desired time value.
 
@@ -116,17 +116,9 @@ def _set_asn1_time(boundary, when):
     if not isinstance(when, bytes):
         raise TypeError("when must be a byte string")
 
-    set_result = _lib.ASN1_GENERALIZEDTIME_set_string(
-        _ffi.cast('ASN1_GENERALIZEDTIME*', boundary), when)
+    set_result = _lib.ASN1_TIME_set_string(boundary, when)
     if set_result == 0:
-        dummy = _ffi.gc(_lib.ASN1_STRING_new(), _lib.ASN1_STRING_free)
-        _lib.ASN1_STRING_set(dummy, when, len(when))
-        check_result = _lib.ASN1_GENERALIZEDTIME_check(
-            _ffi.cast('ASN1_GENERALIZEDTIME*', dummy))
-        if not check_result:
-            raise ValueError("Invalid string")
-        else:
-            _untested_error()
+        raise ValueError("Invalid string")
 
 
 def _get_asn1_time(timestamp):
diff --git a/tox.ini b/tox.ini
index 1141261..9248041 100644
--- a/tox.ini
+++ b/tox.ini
@@ -9,7 +9,7 @@ deps =
     coverage>=4.2
     pytest>=3.0.1
     cryptographyMaster: git+https://github.com/pyca/cryptography.git
-    cryptographyMinimum: cryptography<1.8
+    cryptographyMinimum: cryptography<=1.9
 setenv =
     # Do not allow the executing environment to pollute the test environment
     # with extra packages.
author	Moriyoshi Koizumi <mozo@mozo.jp>	2017-06-22 00:54:20 +0900
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2017-06-21 05:54:20 -1000
commit	80b25efa407f15c1c21323b7e512e2e051c0f5e3 (patch)
tree	ebc8edbefa084fa95762b53e2aa9cc781896260c
parent	a40898b5f1d472f9449a344f703fa7f90cddc21d (diff)
download	pyopenssl-80b25efa407f15c1c21323b7e512e2e051c0f5e3.tar.gz