diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2023-03-31 16:46:53 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-01 05:46:53 +0900 |
commit | f4f77cc4f76e643a050c99b0295facf1900335c4 (patch) | |
tree | 53fd26dcda9b8e9f8d00ab7cdf3ea34cb4a73167 | |
parent | da18a74f9fb50becfae33da80e0184fe56a640ce (diff) | |
download | pyopenssl-git-f4f77cc4f76e643a050c99b0295facf1900335c4.tar.gz |
Reject invalid versions in X509Req.set_version (#1208)
* Reject invalid versions in X509Req.set_version
* Update CHANGELOG.rst
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
---------
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
-rw-r--r-- | CHANGELOG.rst | 2 | ||||
-rw-r--r-- | src/OpenSSL/crypto.py | 6 | ||||
-rw-r--r-- | tests/test_crypto.py | 12 |
3 files changed, 11 insertions, 9 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f219137..8a0957e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -16,6 +16,8 @@ Deprecations: Changes: ^^^^^^^^ +- Invalid versions are now rejected in ``OpenSSL.crypto.X509Req.set_version``. + 23.1.1 (2023-03-28) ------------------- diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py index f5dd312..a3d9e9a 100644 --- a/src/OpenSSL/crypto.py +++ b/src/OpenSSL/crypto.py @@ -1010,6 +1010,12 @@ class X509Req: :param int version: The version number. :return: ``None`` """ + if not isinstance(version, int): + raise TypeError("version must be an int") + if version != 0: + raise ValueError( + "Invalid version. The only valid version for X509Req is 0." + ) set_result = _lib.X509_REQ_set_version(self._req, version) _openssl_assert(set_result == 1) diff --git a/tests/test_crypto.py b/tests/test_crypto.py index 3212fba..0f67d20 100644 --- a/tests/test_crypto.py +++ b/tests/test_crypto.py @@ -1601,20 +1601,12 @@ class TestX509Req(_PKeyInteractionTestsMixin): """ `X509Req.set_version` sets the X.509 version of the certificate request. `X509Req.get_version` returns the X.509 version of the - certificate request. The only defined version is 0. Others may or - may not be supported depending on backend. + certificate request. The only defined version is 0. """ request = X509Req() assert request.get_version() == 0 request.set_version(0) assert request.get_version() == 0 - try: - request.set_version(1) - assert request.get_version() == 1 - request.set_version(3) - assert request.get_version() == 3 - except Error: - pass def test_version_wrong_args(self): """ @@ -1624,6 +1616,8 @@ class TestX509Req(_PKeyInteractionTestsMixin): request = X509Req() with pytest.raises(TypeError): request.set_version("foo") + with pytest.raises(ValueError): + request.set_version(2) def test_get_subject(self): """ |