authorAlex Gaynor <alex.gaynor@gmail.com>2017-06-06 11:53:11 (GMT)
committerGitHub <noreply@github.com>2017-06-06 11:53:11 (GMT)
commitb87c0dfe902009e926edfb4ea5c7b26dcbdca2fe (patch)
tree165f57d85903145d626f16c3e27b60dd4f3aca52
parent8b7a4cc40e9b2f34da94efb75b158da762624015 (diff)
Simplify X.509 extension handling code (#1855)
* Simplify X.509 extension handling code The previous implementation had grown organically over time, as OpenSSL's API evolved. * Delete even more code
-rw-r--r--Modules/_ssl.c34
1 files changed, 4 insertions, 30 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 0fb0d88..147703c 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -905,18 +905,15 @@ _get_peer_alt_names (X509 *certificate) {
then iterates through the stack to add the
names. */
- int i, j;
+ int j;
PyObject *peer_alt_names = Py_None;
PyObject *v = NULL, *t;
- X509_EXTENSION *ext = NULL;
GENERAL_NAMES *names = NULL;
GENERAL_NAME *name;
- const X509V3_EXT_METHOD *method;
BIO *biobuf = NULL;
char buf[2048];
char *vptr;
int len;
- const unsigned char *p;
if (certificate == NULL)
return peer_alt_names;
@@ -924,38 +921,15 @@ _get_peer_alt_names (X509 *certificate) {
/* get a memory buffer */
biobuf = BIO_new(BIO_s_mem());
- i = -1;
- while ((i = X509_get_ext_by_NID(
- certificate, NID_subject_alt_name, i)) >= 0) {
-
+ names = (GENERAL_NAMES *)X509_get_ext_d2i(
+ certificate, NID_subject_alt_name, NULL, NULL);
+ if (names != NULL) {
if (peer_alt_names == Py_None) {
peer_alt_names = PyList_New(0);
if (peer_alt_names == NULL)
goto fail;
}
- /* now decode the altName */
- ext = X509_get_ext(certificate, i);
- if(!(method = X509V3_EXT_get(ext))) {
- PyErr_SetString
- (PySSLErrorObject,
- ERRSTR("No method for internalizing subjectAltName!"));
- goto fail;
- }
-
- p = X509_EXTENSION_get_data(ext)->data;
- if (method->it)
- names = (GENERAL_NAMES*)
- (ASN1_item_d2i(NULL,
- &p,
- X509_EXTENSION_get_data(ext)->length,
- ASN1_ITEM_ptr(method->it)));
- else
- names = (GENERAL_NAMES*)
- (method->d2i(NULL,
- &p,
- X509_EXTENSION_get_data(ext)->length));
-
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
/* get a rendering of each name in the set of names */
int gntype;
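Review bot: The added `X509_get_ext_d2i(certificate, NID_subject_alt_name, NULL, NULL)` call returns NULL for three different situations, and `if (names != NULL)` treats all of them as "no subjectAltName". With both `crit` and `idx` passed as NULL, OpenSSL returns NULL when the extension is absent, when it fails to decode, and when it occurs more than once, so a certificate with a malformed or duplicated subjectAltName now reports no alt names, where the removed loop visited every occurrence. Any caller that falls back to another identity field when no alt names are reported cannot tell these cases apart. Consider declaring an `int crit` and failing closed: `names = X509_get_ext_d2i(certificate, NID_subject_alt_name, &crit, NULL);` followed by `if (names == NULL && crit != -1) goto fail;` once an exception has been set. The rest of the function and the `fail` label lie outside the hunk, so the cleanup path for `names` and `biobuf` should be confirmed there.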