@@ -345,16 +345,22 @@ def _encode_authority_information_access(backend, authority_info_access):
345345 aia = backend ._lib .sk_ACCESS_DESCRIPTION_new_null ()
346346 backend .openssl_assert (aia != backend ._ffi .NULL )
347347 aia = backend ._ffi .gc (
348- aia , backend ._lib .sk_ACCESS_DESCRIPTION_free
348+ aia ,
349+ lambda x : backend ._lib .sk_ACCESS_DESCRIPTION_pop_free (
350+ x , backend ._ffi .addressof (
351+ backend ._lib ._original_lib , "ACCESS_DESCRIPTION_free"
352+ )
353+ )
349354 )
350355 for access_description in authority_info_access :
351356 ad = backend ._lib .ACCESS_DESCRIPTION_new ()
352357 method = _txt2obj (
353358 backend , access_description .access_method .dotted_string
354359 )
355- gn = _encode_general_name (backend , access_description .access_location )
360+ _encode_general_name_preallocated (
361+ backend , access_description .access_location , ad .location
362+ )
356363 ad .method = method
357- ad .location = gn
358364 res = backend ._lib .sk_ACCESS_DESCRIPTION_push (aia , ad )
359365 backend .openssl_assert (res >= 1 )
360366
@@ -385,8 +391,12 @@ def _encode_subject_key_identifier(backend, ski):
385391
386392
387393def _encode_general_name (backend , name ):
394+ gn = backend ._lib .GENERAL_NAME_new ()
395+ return _encode_general_name_preallocated (backend , name , gn )
396+
397+
398+ def _encode_general_name_preallocated (backend , name , gn ):
388399 if isinstance (name , x509 .DNSName ):
389- gn = backend ._lib .GENERAL_NAME_new ()
390400 backend .openssl_assert (gn != backend ._ffi .NULL )
391401 gn .type = backend ._lib .GEN_DNS
392402
@@ -400,7 +410,6 @@ def _encode_general_name(backend, name):
400410 backend .openssl_assert (res == 1 )
401411 gn .d .dNSName = ia5
402412 elif isinstance (name , x509 .RegisteredID ):
403- gn = backend ._lib .GENERAL_NAME_new ()
404413 backend .openssl_assert (gn != backend ._ffi .NULL )
405414 gn .type = backend ._lib .GEN_RID
406415 obj = backend ._lib .OBJ_txt2obj (
@@ -409,13 +418,11 @@ def _encode_general_name(backend, name):
409418 backend .openssl_assert (obj != backend ._ffi .NULL )
410419 gn .d .registeredID = obj
411420 elif isinstance (name , x509 .DirectoryName ):
412- gn = backend ._lib .GENERAL_NAME_new ()
413421 backend .openssl_assert (gn != backend ._ffi .NULL )
414422 dir_name = _encode_name (backend , name .value )
415423 gn .type = backend ._lib .GEN_DIRNAME
416424 gn .d .directoryName = dir_name
417425 elif isinstance (name , x509 .IPAddress ):
418- gn = backend ._lib .GENERAL_NAME_new ()
419426 backend .openssl_assert (gn != backend ._ffi .NULL )
420427 if isinstance (name .value , ipaddress .IPv4Network ):
421428 packed = (
@@ -433,7 +440,6 @@ def _encode_general_name(backend, name):
433440 gn .type = backend ._lib .GEN_IPADD
434441 gn .d .iPAddress = ipaddr
435442 elif isinstance (name , x509 .OtherName ):
436- gn = backend ._lib .GENERAL_NAME_new ()
437443 backend .openssl_assert (gn != backend ._ffi .NULL )
438444 other_name = backend ._lib .OTHERNAME_new ()
439445 backend .openssl_assert (other_name != backend ._ffi .NULL )
@@ -456,7 +462,6 @@ def _encode_general_name(backend, name):
456462 gn .type = backend ._lib .GEN_OTHERNAME
457463 gn .d .otherName = other_name
458464 elif isinstance (name , x509 .RFC822Name ):
459- gn = backend ._lib .GENERAL_NAME_new ()
460465 backend .openssl_assert (gn != backend ._ffi .NULL )
461466 # ia5strings are supposed to be ITU T.50 but to allow round-tripping
462467 # of broken certs that encode utf8 we'll encode utf8 here too.
@@ -465,7 +470,6 @@ def _encode_general_name(backend, name):
465470 gn .type = backend ._lib .GEN_EMAIL
466471 gn .d .rfc822Name = asn1_str
467472 elif isinstance (name , x509 .UniformResourceIdentifier ):
468- gn = backend ._lib .GENERAL_NAME_new ()
469473 backend .openssl_assert (gn != backend ._ffi .NULL )
470474 # ia5strings are supposed to be ITU T.50 but to allow round-tripping
471475 # of broken certs that encode utf8 we'll encode utf8 here too.
0 commit comments