diff options
| author | David Benjamin <davidben@google.com> | 2022-05-12 14:22:08 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-12 14:22:08 -0400 |
| commit | 3e4d61ab10a74510dd14b232d46d5eed87eddd09 (patch) | |
| tree | 247c807922a70c7b28b5912c48f331abfd28cac2 /src/OpenSSL | |
| parent | 8e9f0c2c9190d6c56b440fb4920904d1cac79a84 (diff) | |
| download | pyopenssl-3e4d61ab10a74510dd14b232d46d5eed87eddd09.tar.gz | |
Fix X.509 version handling. (#1123)
Certificate versions go up to v3 (numeric value 2), CRLs go up to v2
(numeric value 1), and CSRs go up to v1 (numeric value 0). This CL fixes
the following issues:
- Add a missing check to the return value of X509_set_version
- Fix crlDataUnsupportedExtension which had an invalid CRL version.
- Switch TestX509.test_version to test valid versions, so it doesn't
prevent OpenSSL or an OpenSSL derivative from checking for invalid
versions.
- Make TestX509Req.test_version tolerate set_version(1) failing on CSRs.
Since there's nothing useful to test otherwise, I've made the test
work for either possible backend behavior.
Diffstat (limited to 'src/OpenSSL')
| -rw-r--r-- | src/OpenSSL/crypto.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py index 5385541..8dec9a6 100644 --- a/src/OpenSSL/crypto.py +++ b/src/OpenSSL/crypto.py @@ -1148,7 +1148,7 @@ class X509: if not isinstance(version, int): raise TypeError("version must be an integer") - _lib.X509_set_version(self._x509, version) + _openssl_assert(_lib.X509_set_version(self._x509, version) == 1) def get_version(self): """ |