diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2021-11-20 10:56:55 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-20 02:56:55 +0000 |
| commit | 458e9eb698a17e02f1a9107b4c7d1e085ce6b968 (patch) | |
| tree | 27c0c48127644600db15225f64ee921bc5141b2a /tests | |
| parent | 302e2aceb1611fab953c192a26280a401011b70c (diff) | |
| download | cryptography-458e9eb698a17e02f1a9107b4c7d1e085ce6b968.tar.gz | |
support negative serials in certificate parsing (#6626)
* support negative serials in certificate parsing
but raise a warning every time we see it. also proactively raise on
initial parse of the certificate, not just when accessing the
serial_number attribute
* cargo fmt
* review feedback and changelog
* pssh
* Update CHANGELOG.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/x509/test_x509.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index 9e0a35bde..17076d992 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -735,13 +735,18 @@ class TestRSACertificate(object): assert cert == cert2 def test_negative_serial_number(self, backend): - with pytest.raises(ValueError, match="TbsCertificate::serial"): - _load_cert( + # We load certificates with negative serial numbers but on load + # and on access of the attribute we raise a warning + with pytest.warns(utils.DeprecatedIn36): + cert = _load_cert( os.path.join("x509", "custom", "negative_serial.pem"), x509.load_pem_x509_certificate, backend, ) + with pytest.warns(utils.DeprecatedIn36): + assert cert.serial_number == -18008675309 + def test_alternate_rsa_with_sha1_oid(self, backend): cert = _load_cert( os.path.join("x509", "custom", "alternate-rsa-sha1-oid.der"), |