Simplify X.509 extension handling code (#1855)

* Simplify X.509 extension handling code The previous implementation had grown organically over time, as OpenSSL's API evolved. * Delete even more code

Simplify X.509 extension handling code (#1855)
* Simplify X.509 extension handling code The previous implementation had grown organically over time, as OpenSSL's API evolved. * Delete even more code
b87c0dfe · Alex Gaynor · GitHub · 8b7a4cc4 · b87c0dfe
Kaydet (Commit) b87c0dfe authored Haz 06, 2017 tarafından Alex Gaynor Kaydeden (comit) GitHub Haz 06, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 30 deletions

_ssl.c Modules/_ssl.c +4 -30

No files found.
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -905,18 +905,15 @@ _get_peer_alt_names (X509 *certificate) {
       then iterates through the stack to add the
       names. */

-    int i, j;
+    int j;
    PyObject *peer_alt_names = Py_None;
    PyObject *v = NULL, *t;
-    X509_EXTENSION *ext = NULL;
    GENERAL_NAMES *names = NULL;
    GENERAL_NAME *name;
-    const X509V3_EXT_METHOD *method;
    BIO *biobuf = NULL;
    char buf[2048];
    char *vptr;
    int len;
-    const unsigned char *p;

    if (certificate == NULL)
        return peer_alt_names;
@@ -924,38 +921,15 @@ _get_peer_alt_names (X509 *certificate) {
    /* get a memory buffer */
    biobuf = BIO_new(BIO_s_mem());

-    i = -1;
-    while ((i = X509_get_ext_by_NID(
-                    certificate, NID_subject_alt_name, i)) >= 0) {
-
+    names = (GENERAL_NAMES *)X509_get_ext_d2i(
+        certificate, NID_subject_alt_name, NULL, NULL);
+    if (names != NULL) {
        if (peer_alt_names == Py_None) {
            peer_alt_names = PyList_New(0);
            if (peer_alt_names == NULL)
                goto fail;
        }

-        /* now decode the altName */
-        ext = X509_get_ext(certificate, i);
-        if(!(method = X509V3_EXT_get(ext))) {
-            PyErr_SetString
-              (PySSLErrorObject,
-               ERRSTR("No method for internalizing subjectAltName!"));
-            goto fail;
-        }
-
-        p = X509_EXTENSION_get_data(ext)->data;
-        if (method->it)
-            names = (GENERAL_NAMES*)
-              (ASN1_item_d2i(NULL,
-                             &p,
-                             X509_EXTENSION_get_data(ext)->length,
-                             ASN1_ITEM_ptr(method->it)));
-        else
-            names = (GENERAL_NAMES*)
-              (method->d2i(NULL,
-                           &p,
-                           X509_EXTENSION_get_data(ext)->length));
-
        for(j = 0; j < sk_GENERAL_NAME_num(names); j++) {
            /* get a rendering of each name in the set of names */
            int gntype;