pyca · reaperhulk · Jun 27, 2015 · Jun 27, 2015 · reaperhulk · Jun 27, 2015
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -833,7 +833,7 @@ def create_x509_csr(self, builder, private_key, algorithm):
 
         # Set subject name.
         res = self._lib.X509_REQ_set_subject_name(
-            x509_req, _encode_name(self, list(builder._subject_name))
+            x509_req, _encode_name(self, builder._subject_name)
         )
         assert res == 1
 

diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
@@ -1486,4 +1486,6 @@ def sign(self, private_key, algorithm, backend):
         """
         Signs the request using the requestor's private key.
         """
+        if self._subject_name is None:
+            raise ValueError("A CertificateSigningRequest must have a subject")
         return backend.create_x509_csr(self, private_key, algorithm)
diff --git a/tests/test_x509.py b/tests/test_x509.py
@@ -687,10 +687,20 @@ class TestCertificateSigningRequestBuilder(object):
     def test_sign_invalid_hash_algorithm(self, backend):
         private_key = RSA_KEY_2048.private_key(backend)
 
-        builder = x509.CertificateSigningRequestBuilder()
+        builder = x509.CertificateSigningRequestBuilder().subject_name(
+            x509.Name([])
+        )
         with pytest.raises(TypeError):
             builder.sign(private_key, 'NotAHash', backend)
 
+    @pytest.mark.requires_backend_interface(interface=RSABackend)
+    def test_no_subject_name(self, backend):
+        private_key = RSA_KEY_2048.private_key(backend)
+
+        builder = x509.CertificateSigningRequestBuilder()
+        with pytest.raises(ValueError):
+            builder.sign(private_key, hashes.SHA256(), backend)
+
     @pytest.mark.requires_backend_interface(interface=RSABackend)
     def test_build_ca_request_with_rsa(self, backend):
         private_key = RSA_KEY_2048.private_key(backend)