port changelog (#1205)

reaperhulk · web-flow · commit da18a74f9fb5 · 2023-03-27T23:49:01.000-04:00
* port changelog

* forward port the nid2sn workaround
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -16,6 +16,21 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
+23.1.1 (2023-03-28)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Worked around an issue in OpenSSL 3.1.0 which caused `X509Extension.get_short_name` to raise an exception when no short name was known to OpenSSL.
+  `#1204 <https://github.com/pyca/pyopenssl/pull/1204>`_.
+
 23.1.0 (2023-03-24)
 -------------------
 
@@ -56,7 +71,7 @@ Backward-incompatible changes:
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 - Remove support for SSLv2 and SSLv3.
-- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases 
+- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
   against ``cryptography`` major versions to prevent future breakage)
 - The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
   changing its internal attributes.
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
@@ -904,7 +904,14 @@ def get_short_name(self) -> bytes:
         """
         obj = _lib.X509_EXTENSION_get_object(self._extension)
         nid = _lib.OBJ_obj2nid(obj)
-        return _ffi.string(_lib.OBJ_nid2sn(nid))
+        # OpenSSL 3.1.0 has a bug where nid2sn returns NULL for NIDs that
+        # previously returned UNDEF. This is a workaround for that issue.
+        # https://github.com/openssl/openssl/commit/908ba3ed9adbb3df90f76
+        buf = _lib.OBJ_nid2sn(nid)
+        if buf != _ffi.NULL:
+            return _ffi.string(buf)
+        else:
+            return b"UNDEF"
 
     def get_data(self) -> bytes:
         """
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
@@ -1681,6 +1681,14 @@ def test_get_extensions(self):
         exts = request.get_extensions()
         assert len(exts) == 2
 
+    def test_undef_oid(self):
+        assert (
+            X509Extension(
+                b"1.2.3.4.5.6.7", False, b"DER:05:00"
+            ).get_short_name()
+            == b"UNDEF"
+        )
+
     def test_add_extensions_wrong_args(self):
         """
         `X509Req.add_extensions` raises `TypeError` if called with a
