forward port the nid2sn workaround

pyca · Mar 28, 2023 · d690410 · d690410
1 parent cf77b73
commit d690410
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
@@ -904,7 +904,14 @@ def get_short_name(self) -> bytes:
         """
         obj = _lib.X509_EXTENSION_get_object(self._extension)
         nid = _lib.OBJ_obj2nid(obj)
-        return _ffi.string(_lib.OBJ_nid2sn(nid))
+        # OpenSSL 3.1.0 has a bug where nid2sn returns NULL for NIDs that
+        # previously returned UNDEF. This is a workaround for that issue.
+        # https://github.com/openssl/openssl/commit/908ba3ed9adbb3df90f76
+        buf = _lib.OBJ_nid2sn(nid)
+        if buf != _ffi.NULL:
+            return _ffi.string(buf)
+        else:
+            return b"UNDEF"
 
     def get_data(self) -> bytes:
         """

diff --git a/tests/test_crypto.py b/tests/test_crypto.py
@@ -1681,6 +1681,14 @@ def test_get_extensions(self):
         exts = request.get_extensions()
         assert len(exts) == 2
 
+    def test_undef_oid(self):
+        assert (
+            X509Extension(
+                b"1.2.3.4.5.6.7", False, b"DER:05:00"
+            ).get_short_name()
+            == b"UNDEF"
+        )
+
     def test_add_extensions_wrong_args(self):
         """
         `X509Req.add_extensions` raises `TypeError` if called with a