author | Christian Heimes <christian@python.org> | 2022-02-20 20:42:31 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-20 20:42:31 (GMT) |
commit | be095f6c32188bba02079d086ac8639ea37cec3c (patch) | |
tree | 002f005bff12da40c9c5efaeca830e8246fdfad6 | |
parent | b77158b4da449ec5b8f682816a79d004fd65ed07 (diff) | |
bpo-46232: Fix parsing of certs with bit string in DN (GH-30351)
-rw-r--r-- | Misc/NEWS.d/next/Library/2022-01-03-09-46-44.bpo-46232.s0KlyI.rst | 2 | ||||
-rw-r--r-- | Modules/_ssl.c | 26 |
2 files changed, 21 insertions, 7 deletions
diff --git a/Misc/NEWS.d/next/Library/2022-01-03-09-46-44.bpo-46232.s0KlyI.rst b/Misc/NEWS.d/next/Library/2022-01-03-09-46-44.bpo-46232.s0KlyI.rst
new file mode 100644
index 0000000..e252449
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-01-03-09-46-44.bpo-46232.s0KlyI.rst
@@ -0,0 +1,2 @@
+The :mod:`ssl` module now handles certificates with bit strings in DN
+correctly.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index d7e041f..312b2ea 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1053,17 +1053,29 @@ _create_tuple_for_attribute(_sslmodulestate *state, ASN1_OBJECT *name, ASN1_STRING *value)
 {
 Py_ssize_t buflen;
- unsigned char *valuebuf = NULL;
- PyObject *attr;
+ PyObject *pyattr;
+ PyObject *pyname = _asn1obj2py(state, name, 0);
- buflen = ASN1_STRING_to_UTF8(&valuebuf, value);
- if (buflen < 0) {
+ if (pyname == NULL) {
 _setSSLError(state, NULL, 0, __FILE__, __LINE__);
 return NULL;
 }
- attr = Py_BuildValue("Ns#", _asn1obj2py(state, name, 0), valuebuf, buflen);
- OPENSSL_free(valuebuf);
- return attr;
+
+ if (ASN1_STRING_type(value) == V_ASN1_BIT_STRING) {
+ buflen = ASN1_STRING_length(value);
+ pyattr = Py_BuildValue("Ny#", pyname, ASN1_STRING_get0_data(value), buflen);
+ } else {
+ unsigned char *valuebuf = NULL;
+ buflen = ASN1_STRING_to_UTF8(&valuebuf, value);
+ if (buflen < 0) {
+ _setSSLError(state, NULL, 0, __FILE__, __LINE__);
+ Py_DECREF(pyname);
+ return NULL;
+ }
+ pyattr = Py_BuildValue("Ns#", pyname, valuebuf, buflen);
+ OPENSSL_free(valuebuf);
+ }
+ return pyattr;
 }
 static PyObject * |
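Review bot: Callers now get a `bytes` value for BIT STRING attributes (`"Ny#"`) where every other attribute is still `str` (`"Ns#"`), and the hunk leaves that undocumented, so code that compares or formats subject and issuer fields of a peer certificate will meet a mixed-type tuple. `ASN1_STRING_length()` and `ASN1_STRING_get0_data()` expose only the octets, so the bit string's unused-bit count is not part of the returned value. I would add a comment above the branch, `/* BIT STRING has no text form: return the raw octets as bytes (unused-bit count not included) */`, and since the diffstat lists no test file, a certificate with a bit string in its DN looks worth adding to the test suite. Separately, the `pyname == NULL` path calls `_setSSLError()`; if `_asn1obj2py()` already raises on failure (its body is not in the hunk), that call replaces the original exception and a plain `return NULL;` would do. The function's opening signature lines lie outside the hunk.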