pyca/pyopenssl

X509Extension __str__() method raises exception for unknown extension types

ich199 opened this issue · 2 comments

Issue

When calling the crypto.X509Extension method __str__(), if the extension type is not supported by OpenSSL, an exception_type error is raised:

python -c 'from OpenSSL.crypto import X509Extension; print(str(X509Extension(b"1.2.3.4.5.6.7", False, b"DER:05:00")))'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/home/iain/pyopenssl-test/lib64/python3.11/site-packages/OpenSSL/crypto.py", line 882, in __str__
    _openssl_assert(print_result != 0)
  File "/home/iain/pyopenssl-test/lib64/python3.11/site-packages/OpenSSL/_util.py", line 71, in openssl_assert
    exception_from_error_queue(error)
  File "/home/iain/pyopenssl-test/lib64/python3.11/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: []

Environment:

$ python --version
Python 3.11.4

$ pip list
Package      Version
------------ -------
cffi         1.15.1
cryptography 41.0.3
pip          23.2.1
pycparser    2.21
pyOpenSSL    23.2.0
setuptools   62.6.0

$ openssl version
OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)

Possible Cause

The current call to X509V3_EXT_print() in crypto.X509Extension sets the flags parameter (3rd parameter in the call) to 0, which causes OpenSSL to return an error for unknown extension types:

print_result = _lib.X509V3_EXT_print(bio, self._extension, 0, 0)

Possible Fix

Update X509V3_EXT_print() to set the flags parameter to one of the other valid values so that it returns success for unknown extension types.

e.g. amending the call to use the value 1 << 16 or 65536 (X509V3_EXT_ERROR_UNKNOWN in OpenSSL) results in the call succeeding and printing <Not Supported> for the unknown extension type:

print_result = _lib.X509V3_EXT_print(bio, self._extension, 1 << 16, 0)
python -c 'from OpenSSL.crypto import X509Extension; print(str(X509Extension(b"1.2.3.4.5.6.7", False, b"DER:05:00")))'
<Not Supported>

Possibly related to #270
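Added example (not part of the issue above and not pyOpenSSL's own code): a caller-side workaround for the behaviour reported here, usable until X509V3_EXT_print() is called with a non-default flag. `extension_to_str()` tries `str(ext)` and, when pyOpenSSL raises `OpenSSL.crypto.Error` because OpenSSL has no printer for the OID, falls back to a small DER tag/length/value dump of `ext.get_data()`, which is roughly what OpenSSL itself does under the X509V3_EXT_PARSE_UNKNOWN flag. The names `extension_to_str`, `der_dump`, `UnprintableStandIn` and `demo` are mine; the `errors` parameter and the stand-in class exist so the fallback can be exercised where pyOpenSSL is not installed, and the `b"\x05\x00"` value is the DER of the issue's `DER:05:00` reproducer.

```python
"""Workaround for str(X509Extension) raising on OIDs OpenSSL cannot print."""
from __future__ import annotations

try:
    from OpenSSL import crypto  # pyOpenSSL; optional so the DER dumper runs without it
except ImportError:  # pragma: no cover
    crypto = None

# Exceptions that mean "OpenSSL could not render this extension" (assumption:
# pyOpenSSL surfaces the failed X509V3_EXT_print() as OpenSSL.crypto.Error).
_RENDER_ERRORS = (crypto.Error,) if crypto is not None else ()

# Universal ASN.1 tag numbers worth naming; anything else prints as [number].
_TAG_NAMES = {
    1: "BOOLEAN", 2: "INTEGER", 3: "BIT STRING", 4: "OCTET STRING", 5: "NULL",
    6: "OBJECT", 12: "UTF8STRING", 16: "SEQUENCE", 17: "SET",
    19: "PRINTABLESTRING", 22: "IA5STRING", 23: "UTCTIME", 24: "GENERALIZEDTIME",
}


def _read_tlv(data: bytes, pos: int) -> tuple[int, int, bool, bytes, int]:
    """Decode one DER TLV at data[pos:]; return (class, tag, constructed?, value, next pos)."""
    if pos >= len(data):
        raise ValueError("unexpected end of DER data")
    ident = data[pos]
    if (ident & 0x1F) == 0x1F:
        raise ValueError("multi-byte tag numbers are not supported by this dumper")
    cls, tag, constructed = ident >> 6, ident & 0x1F, bool(ident & 0x20)
    pos += 1
    if pos >= len(data):
        raise ValueError("missing length octet")
    first = data[pos]
    pos += 1
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: first & 0x7F = number of length octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(data):
            raise ValueError("bad long-form length")
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    if pos + length > len(data):
        raise ValueError("length runs past end of data")
    return cls, tag, constructed, data[pos:pos + length], pos + length


def der_dump(data: bytes, indent: int = 0) -> list[str]:
    """Render DER as one line per element, recursing into constructed types."""
    lines: list[str] = []
    pos = 0
    while pos < len(data):
        cls, tag, constructed, value, pos = _read_tlv(data, pos)
        name = _TAG_NAMES.get(tag, f"[{tag}]") if cls == 0 else f"[{tag}]"
        pad = " " * indent
        if constructed:
            lines.append(f"{pad}{name} ({len(value)} bytes)")
            lines.extend(der_dump(value, indent + 2))
        else:
            lines.append(f"{pad}{name}: {value.hex(':') or '<empty>'}")
    return lines


def extension_to_str(ext, errors=None) -> str:
    """str(ext), falling back to a DER dump of ext.get_data() when OpenSSL has no printer."""
    errors = _RENDER_ERRORS if errors is None else errors
    try:
        return str(ext)
    except errors:
        return "<Not Supported>\n" + "\n".join(der_dump(ext.get_data()))


class UnprintableStandIn:
    """Constructed stand-in for an X509Extension whose __str__ fails (used without pyOpenSSL)."""

    def __init__(self, der: bytes) -> None:
        self._der = der

    def __str__(self) -> str:
        raise RuntimeError("X509V3_EXT_print returned 0")

    def get_data(self) -> bytes:
        return self._der


def demo() -> str:
    """Reproduce the issue's example (unknown OID, value DER:05:00) and render it safely."""
    if crypto is not None:
        ext = crypto.X509Extension(b"1.2.3.4.5.6.7", False, b"DER:05:00")
        return extension_to_str(ext)
    return extension_to_str(UnprintableStandIn(b"\x05\x00"), errors=(RuntimeError,))


if __name__ == "__main__":
    print(demo())
```

With the reproducer from the issue this prints `<Not Supported>` followed by `NULL: <empty>`, since the extension value `05 00` is an ASN.1 NULL; on a pyOpenSSL whose `__str__` already succeeds, the helper simply returns whatever `str(ext)` gives.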