bpo-46232: Fix parsing of certs with bit string in DN (GH-30351)

This commit is contained in:
Christian Heimes 2022-02-20 22:42:31 +02:00 committed by GitHub
parent b77158b4da
commit be095f6c32
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 7 deletions

View File

@ -0,0 +1,2 @@
The :mod:`ssl` module now handles certificates with bit strings in DN
correctly.

View File

@ -1053,17 +1053,29 @@ _create_tuple_for_attribute(_sslmodulestate *state,
ASN1_OBJECT *name, ASN1_STRING *value)
{
Py_ssize_t buflen;
unsigned char *valuebuf = NULL;
PyObject *attr;
PyObject *pyattr;
PyObject *pyname = _asn1obj2py(state, name, 0);
buflen = ASN1_STRING_to_UTF8(&valuebuf, value);
if (buflen < 0) {
if (pyname == NULL) {
_setSSLError(state, NULL, 0, __FILE__, __LINE__);
return NULL;
}
attr = Py_BuildValue("Ns#", _asn1obj2py(state, name, 0), valuebuf, buflen);
if (ASN1_STRING_type(value) == V_ASN1_BIT_STRING) {
buflen = ASN1_STRING_length(value);
pyattr = Py_BuildValue("Ny#", pyname, ASN1_STRING_get0_data(value), buflen);
} else {
unsigned char *valuebuf = NULL;
buflen = ASN1_STRING_to_UTF8(&valuebuf, value);
if (buflen < 0) {
_setSSLError(state, NULL, 0, __FILE__, __LINE__);
Py_DECREF(pyname);
return NULL;
}
pyattr = Py_BuildValue("Ns#", pyname, valuebuf, buflen);
OPENSSL_free(valuebuf);
return attr;
}
return pyattr;
}
static PyObject *