authorPaul Kehrer <paul.l.kehrer@gmail.com>2023-03-28 12:49:01 +0900
committerGitHub <noreply@github.com>2023-03-27 23:49:01 -0400
commitda18a74f9fb50becfae33da80e0184fe56a640ce (patch)
treeb801d2648c48ae604b81e6a4023005a2857aed88
parent983aa3151e38849a495720fa6b607d7b9cc53f89 (diff)
downloadpyopenssl-git-da18a74f9fb50becfae33da80e0184fe56a640ce.tar.gz
port changelog (#1205)
* port changelog * forward port the nid2sn workaround
-rw-r--r--CHANGELOG.rst17
-rw-r--r--src/OpenSSL/crypto.py9
-rw-r--r--tests/test_crypto.py8
3 files changed, 32 insertions, 2 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 8de589f..f219137 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -16,6 +16,21 @@ Deprecations:
Changes:
^^^^^^^^
+23.1.1 (2023-03-28)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Worked around an issue in OpenSSL 3.1.0 which caused `X509Extension.get_short_name` to raise an exception when no short name was known to OpenSSL.
+ `#1204 <https://github.com/pyca/pyopenssl/pull/1204>`_.
+
23.1.0 (2023-03-24)
-------------------
@@ -56,7 +71,7 @@ Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
-- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
+- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
against ``cryptography`` major versions to prevent future breakage)
- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 8b12769..f5dd312 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -904,7 +904,14 @@ class X509Extension:
"""
obj = _lib.X509_EXTENSION_get_object(self._extension)
nid = _lib.OBJ_obj2nid(obj)
- return _ffi.string(_lib.OBJ_nid2sn(nid))
+ # OpenSSL 3.1.0 has a bug where nid2sn returns NULL for NIDs that
+ # previously returned UNDEF. This is a workaround for that issue.
+ # https://github.com/openssl/openssl/commit/908ba3ed9adbb3df90f76
+ buf = _lib.OBJ_nid2sn(nid)
+ if buf != _ffi.NULL:
+ return _ffi.string(buf)
+ else:
+ return b"UNDEF"
def get_data(self) -> bytes:
"""
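Review bot: The docstring of `get_short_name` (it begins above this hunk) should state that `b"UNDEF"` is returned when OpenSSL has no short name for the extension's OID, because the new fallback at `return b"UNDEF"` makes that value part of the method's contract on every OpenSSL version. Every unrecognised OID collapses to the same bytes, so a caller that matches extensions by short name cannot tell two unknown extensions apart and should not use the value to decide how an extension (a critical one in particular) is handled. A sentence such as `Returns b"UNDEF" if OpenSSL knows no short name for the extension's OID.` would cover it. As a minor style point, the `else:` after the returning `if buf != _ffi.NULL:` branch can be dropped.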
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 4b63fa2..3212fba 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -1681,6 +1681,14 @@ class TestX509Req(_PKeyInteractionTestsMixin):
exts = request.get_extensions()
assert len(exts) == 2
+ def test_undef_oid(self):
+ assert (
+ X509Extension(
+ b"1.2.3.4.5.6.7", False, b"DER:05:00"
+ ).get_short_name()
+ == b"UNDEF"
+ )
+
def test_add_extensions_wrong_args(self):
"""
`X509Req.add_extensions` raises `TypeError` if called with a
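Review bot: `test_undef_oid` has no docstring, while the neighbouring `test_add_extensions_wrong_args` has one, and it does not say which code path it is meant to pin. The assertion passes both when `OBJ_nid2sn` returns the string "UNDEF" and when it returns NULL, so the new NULL branch is presumably only exercised on a CI job linked against OpenSSL 3.1.0. I would add a docstring like `"""get_short_name returns b"UNDEF" for an OID unknown to OpenSSL, including on OpenSSL 3.1.0 where OBJ_nid2sn returns NULL."""` so the dependency on that build is visible.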