diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py index 132d98d7b..bbaa53a9d 100644 --- a/OpenSSL/crypto.py +++ b/OpenSSL/crypto.py @@ -1998,23 +1998,9 @@ def export(self, cert, key, type=FILETYPE_PEM, days=100, if not sign_result: _raise_current_error() - if type == FILETYPE_PEM: - ret = _lib.PEM_write_bio_X509_CRL(bio, self._crl) - elif type == FILETYPE_ASN1: - ret = _lib.i2d_X509_CRL_bio(bio, self._crl) - elif type == FILETYPE_TEXT: - ret = _lib.X509_CRL_print(bio, self._crl) - else: - raise ValueError( - "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or " - "FILETYPE_TEXT" - ) + return dump_crl(type, self) - if not ret: - # TODO: This is untested. - _raise_current_error() - return _bio_to_string(bio) CRLType = CRL @@ -2577,6 +2563,32 @@ def verify(cert, signature, data, digest): _raise_current_error() +def dump_crl(type, crl): + """ + Dump a certificate revocation list to a buffer + + :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1, or + FILETYPE_TEXT) + :param crl: The certificate revocation list to dump + :return: The buffer with the dumped certificate revocation list + """ + bio = _new_mem_buf() + + if type == FILETYPE_PEM: + ret = _lib.PEM_write_bio_X509_CRL(bio, crl._crl) + elif type == FILETYPE_ASN1: + ret = _lib.i2d_X509_CRL_bio(bio, crl._crl) + elif type == FILETYPE_TEXT: + ret = _lib.X509_CRL_print(bio, crl._crl) + else: + raise ValueError( + "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or " + "FILETYPE_TEXT") + + assert ret == 1 + return _bio_to_string(bio) + + def load_crl(type, buffer): """ Load a certificate revocation list from a buffer diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py index 0c906b656..c2763fafb 100644 --- a/OpenSSL/test/test_crypto.py +++ b/OpenSSL/test/test_crypto.py @@ -31,7 +31,7 @@ from OpenSSL.crypto import dump_certificate_request, dump_privatekey from OpenSSL.crypto import PKCS7Type, load_pkcs7_data from OpenSSL.crypto import PKCS12, PKCS12Type, load_pkcs12 -from OpenSSL.crypto import CRL, Revoked, load_crl +from OpenSSL.crypto import CRL, Revoked, dump_crl, load_crl from OpenSSL.crypto import NetscapeSPKI, NetscapeSPKIType from OpenSSL.crypto import ( sign, verify, get_elliptic_curve, get_elliptic_curves) @@ -3205,6 +3205,14 @@ def test_load_crl_bad_data(self): """ self.assertRaises(Error, load_crl, FILETYPE_PEM, b"hello, world") + def test_dump_crl(self): + """ + Dump a known CRL and ensure it is output correctly. + """ + crl = load_crl(FILETYPE_PEM, crlData) + buf = dump_crl(FILETYPE_PEM, crl) + self.assertEqual(crlData, buf) + class X509StoreContextTests(TestCase): """