From f4f77cc4f76e643a050c99b0295facf1900335c4 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Fri, 31 Mar 2023 16:46:53 -0400
Subject: Reject invalid versions in X509Req.set_version (#1208)

* Reject invalid versions in X509Req.set_version

* Update CHANGELOG.rst

Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>

---------

Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
---
 src/OpenSSL/crypto.py | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/OpenSSL')

diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index f5dd312..a3d9e9a 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1010,6 +1010,12 @@ class X509Req:
         :param int version: The version number.
         :return: ``None``
         """
+        if not isinstance(version, int):
+            raise TypeError("version must be an int")
+        if version != 0:
+            raise ValueError(
+                "Invalid version. The only valid version for X509Req is 0."
+            )
         set_result = _lib.X509_REQ_set_version(self._req, version)
         _openssl_assert(set_result == 1)
 
-- 
cgit v1.2.1