From 35ee31c67b02c610b1d32aaf69efb9922aaaf924 Mon Sep 17 00:00:00 2001
From: Alex Cameron
Date: Fri, 4 Nov 2022 15:15:06 +1100
Subject: [PATCH] _utils: Fix OtherName check
---
 sigstore/_utils.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sigstore/_utils.py b/sigstore/_utils.py
index b3cb15a55..1e97f0d8a 100644
--- a/sigstore/_utils.py
+++ b/sigstore/_utils.py
@@ -23,6 +23,7 @@ from cryptography.hazmat.primitives.asymmetric import ec, rsa
 from cryptography.x509 import (
 Certificate,
+ ObjectIdentifier,
 OtherName,
 RFC822Name,
 SubjectAlternativeName,
@@ -77,5 +78,8 @@ def cert_contains_identity(cert: Certificate, expected_cert_identity: str) -> bo
 expected_cert_identity in san_ext.value.get_values_for_type(RFC822Name)
 or expected_cert_identity in san_ext.value.get_values_for_type(UniformResourceIdentifier)
- or expected_cert_identity in san_ext.value.get_values_for_type(OtherName)
+ or OtherName(
+ ObjectIdentifier("1.3.6.1.4.1.57264.1.7"), expected_cert_identity.encode()
+ )
+ in san_ext.value.get_values_for_type(OtherName)
 )
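Review bot: The `OtherName(...) in san_ext.value.get_values_for_type(OtherName)` test in the second hunk matches only when the certificate's OtherName value is byte-for-byte equal to `expected_cert_identity.encode()`. As far as I know, `cryptography` exposes `OtherName.value` as the DER-encoded bytes of the inner value, so a UTF8String SAN would carry a tag and length prefix and this check would fail closed for every real certificate. Please confirm with a test that uses a certificate containing an OtherName SAN, and compare against the decoded string if the prefix is present. The OID literal would also read better as a named module constant, e.g. `_OTHERNAME_OID = ObjectIdentifier("1.3.6.1.4.1.57264.1.7")`, with a comment saying which SAN type it identifies. The body of `cert_contains_identity` starts above this hunk, so how `san_ext` is obtained is not visible here.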