Simplify X.509 extension handling code (#1855)

* Simplify X.509 extension handling code

The previous implementation had grown organically over time, as OpenSSL's API evolved.

* Delete even more code
Alex Gaynor 2017-06-06 07:53:11 -04:00 committed by GitHub
parent 8b7a4cc40e
commit b87c0dfe90
1 changed files with 4 additions and 30 deletions


@ -905,18 +905,15 @@ _get_peer_alt_names (X509 *certificate) {
then iterates through the stack to add the
names. */
int i, j;
int j;
PyObject *peer_alt_names = Py_None;
PyObject *v = NULL, *t;
X509_EXTENSION *ext = NULL;
GENERAL_NAMES *names = NULL;
GENERAL_NAME *name;
const X509V3_EXT_METHOD *method;
BIO *biobuf = NULL;
char buf[2048];
char *vptr;
int len;
const unsigned char *p;
if (certificate == NULL)
return peer_alt_names;
@ -924,38 +921,15 @@ _get_peer_alt_names (X509 *certificate) {
/* get a memory buffer */
biobuf = BIO_new(BIO_s_mem());
i = -1;
while ((i = X509_get_ext_by_NID(
certificate, NID_subject_alt_name, i)) >= 0) {
names = (GENERAL_NAMES *)X509_get_ext_d2i(
certificate, NID_subject_alt_name, NULL, NULL);
if (names != NULL) {
if (peer_alt_names == Py_None) {
peer_alt_names = PyList_New(0);
if (peer_alt_names == NULL)
goto fail;
}
/* now decode the altName */
ext = X509_get_ext(certificate, i);
if(!(method = X509V3_EXT_get(ext))) {
PyErr_SetString
(PySSLErrorObject,
ERRSTR("No method for internalizing subjectAltName!"));
goto fail;
}
p = X509_EXTENSION_get_data(ext)->data;
if (method->it)
names = (GENERAL_NAMES*)
(ASN1_item_d2i(NULL,
&p,
X509_EXTENSION_get_data(ext)->length,
ASN1_ITEM_ptr(method->it)));
else
names = (GENERAL_NAMES*)
(method->d2i(NULL,
&p,
X509_EXTENSION_get_data(ext)->length));
for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
/* get a rendering of each name in the set of names */
int gntype;