author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-06 11:53:11 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-06-06 11:53:11 (GMT) |
commit | b87c0dfe902009e926edfb4ea5c7b26dcbdca2fe (patch) | |
tree | 165f57d85903145d626f16c3e27b60dd4f3aca52 | |
parent | 8b7a4cc40e9b2f34da94efb75b158da762624015 (diff) | |
Simplify X.509 extension handling code (#1855)
* Simplify X.509 extension handling code
The previous implementation had grown organically over time, as OpenSSL's API evolved.
* Delete even more code
-rw-r--r-- | Modules/_ssl.c | 34 |
1 files changed, 4 insertions, 30 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 0fb0d88..147703c 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -905,18 +905,15 @@ _get_peer_alt_names (X509 *certificate) {
 then iterates through the stack to add the names. */
- int i, j;
+ int j;
 PyObject *peer_alt_names = Py_None;
 PyObject *v = NULL, *t;
- X509_EXTENSION *ext = NULL;
 GENERAL_NAMES *names = NULL;
 GENERAL_NAME *name;
- const X509V3_EXT_METHOD *method;
 BIO *biobuf = NULL;
 char buf[2048];
 char *vptr;
 int len;
- const unsigned char *p;
 if (certificate == NULL)
 return peer_alt_names;
@@ -924,38 +921,15 @@ _get_peer_alt_names (X509 *certificate) {
 /* get a memory buffer */
 biobuf = BIO_new(BIO_s_mem());
- i = -1;
- while ((i = X509_get_ext_by_NID(
- certificate, NID_subject_alt_name, i)) >= 0) {
-
+ names = (GENERAL_NAMES *)X509_get_ext_d2i(
+ certificate, NID_subject_alt_name, NULL, NULL);
+ if (names != NULL) {
 if (peer_alt_names == Py_None) {
 peer_alt_names = PyList_New(0);
 if (peer_alt_names == NULL)
 goto fail;
 }
- /* now decode the altName */
- ext = X509_get_ext(certificate, i);
- if(!(method = X509V3_EXT_get(ext))) {
- PyErr_SetString
- (PySSLErrorObject,
- ERRSTR("No method for internalizing subjectAltName!"));
- goto fail;
- }
-
- p = X509_EXTENSION_get_data(ext)->data;
- if (method->it)
- names = (GENERAL_NAMES*)
- (ASN1_item_d2i(NULL,
- &p,
- X509_EXTENSION_get_data(ext)->length,
- ASN1_ITEM_ptr(method->it)));
- else
- names = (GENERAL_NAMES*)
- (method->d2i(NULL,
- &p,
- X509_EXTENSION_get_data(ext)->length));
-
 for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
 /* get a rendering of each name in the set of names */
 int gntype; |
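Review bot: In the second hunk, `X509_get_ext_d2i(certificate, NID_subject_alt_name, NULL, NULL)` returns NULL for three different cases — no subjectAltName, a subjectAltName that fails to decode, and (because `idx` is NULL) more than one subjectAltName extension — and `if (names != NULL)` treats all three as "no alt names". The removed loop visited every occurrence, and any caller that falls back to the subject commonName when no alt names are reported would now take that fallback for a malformed or duplicated extension as well. Passing a criticality out-parameter separates the cases: `names = X509_get_ext_d2i(certificate, NID_subject_alt_name, &crit, NULL);` followed by `if (names == NULL && crit != -1)` that sets a `PySSLErrorObject` error and does `goto fail;` (OpenSSL documents `crit` as -1 when the extension is absent and -2 when it is duplicated). A failed decode may also leave entries on the OpenSSL error queue, which should be cleared or reported at that point. The rest of `_get_peer_alt_names`, including the `fail` label and the place where `names` is freed, lies outside the hunk.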