fix X509Extension __str__() method for unknow extension types

pyca · Aug 10, 2023 · 2f5b78d · 2f5b78d
1 parent b259bfb
commit 2f5b78d
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -25,6 +25,9 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
+- Fix X509Extension __str__() method for unknown extension types
+  `#1239 <https://github.com/pyca/pyopenssl/pull/1239>`_.
+
 23.2.0 (2023-05-30)
 -------------------
 

diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
@@ -94,6 +94,8 @@
 TYPE_DH: int = _lib.EVP_PKEY_DH
 TYPE_EC: int = _lib.EVP_PKEY_EC
 
+X509V3_EXT_ERROR_UNKNOWN = 1 << 16
+
 
 class Error(Exception):
     """
@@ -875,7 +877,9 @@ def __str__(self) -> str:
             return self._subjectAltNameString()
 
         bio = _new_mem_buf()
-        print_result = _lib.X509V3_EXT_print(bio, self._extension, 0, 0)
+        print_result = _lib.X509V3_EXT_print(
+            bio, self._extension, X509V3_EXT_ERROR_UNKNOWN, 0
+        )
         _openssl_assert(print_result != 0)
 
         return _bio_to_string(bio).decode("utf-8")

diff --git a/tests/test_crypto.py b/tests/test_crypto.py
@@ -1633,6 +1633,10 @@ def test_undef_oid(self):
             ).get_short_name()
             == b"UNDEF"
         )
+        assert (
+            str(X509Extension(b"1.2.3.4.5.6.7", False, b"DER:05:00"))
+            == "<Not Supported>"
+        )
 
     def test_add_extensions_wrong_args(self):
         """