alex/foo.diff

## foo.diff
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index dd2aba6..4f53f73 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -259,7 +259,9 @@ class _Certificate(object):
                 raise x509.DuplicateExtension(
                     "Duplicate {0} extension found".format(oid), oid
                 )
-            elif oid == x509.OID_BASIC_CONSTRAINTS:
+
+            ext = self._backend._lib.X509V3_EXT_d2i(ext)
+            if oid == x509.OID_BASIC_CONSTRAINTS:
                 value = self._build_basic_constraints(ext)
             elif oid == x509.OID_SUBJECT_KEY_IDENTIFIER:
                 value = self._build_subject_key_identifier(ext)
@@ -283,8 +285,7 @@ class _Certificate(object):

         return x509.Extensions(extensions)

-    def _build_basic_constraints(self, ext):
-        bc_st = self._backend._lib.X509V3_EXT_d2i(ext)
+    def _build_basic_constraints(self, bc_st):
         assert bc_st != self._backend._ffi.NULL
         basic_constraints = self._backend._ffi.cast(
             "BASIC_CONSTRAINTS *", bc_st
@@ -308,8 +309,7 @@ class _Certificate(object):

         return x509.BasicConstraints(ca, path_length)

-    def _build_subject_key_identifier(self, ext):
-        asn1_string = self._backend._lib.X509V3_EXT_d2i(ext)
+    def _build_subject_key_identifier(self, asn1_string):
         assert asn1_string != self._backend._ffi.NULL
         asn1_string = self._backend._ffi.cast(
             "ASN1_OCTET_STRING *", asn1_string
@@ -321,8 +321,7 @@ class _Certificate(object):
             self._backend._ffi.buffer(asn1_string.data, asn1_string.length)[:]
         )

-    def _build_key_usage(self, ext):
-        bit_string = self._backend._lib.X509V3_EXT_d2i(ext)
+    def _build_key_usage(self, bit_string):
         assert bit_string != self._backend._ffi.NULL
         bit_string = self._backend._ffi.cast("ASN1_BIT_STRING *", bit_string)
         bit_string = self._backend._ffi.gc(
@@ -350,10 +349,8 @@ class _Certificate(object):
             decipher_only
         )

-    def _build_subject_alt_name(self, ext):
-        gns = self._backend._ffi.cast(
-            "GENERAL_NAMES *", self._backend._lib.X509V3_EXT_d2i(ext)
-        )
+    def _build_subject_alt_name(self, gns):
+        gns = self._backend._ffi.cast("GENERAL_NAMES *", gns)
         assert gns != self._backend._ffi.NULL
         gns = self._backend._ffi.gc(gns, self._backend._lib.GENERAL_NAMES_free)
         num = self._backend._lib.sk_GENERAL_NAME_num(gns)
@@ -368,11 +365,8 @@ class _Certificate(object):

         return x509.SubjectAlternativeName(general_names)

-    def _build_extended_key_usage(self, ext):
-        sk = self._backend._ffi.cast(
-            "Cryptography_STACK_OF_ASN1_OBJECT *",
-            self._backend._lib.X509V3_EXT_d2i(ext)
-        )
+    def _build_extended_key_usage(self, sk):
+        sk = self._backend._ffi.cast("Cryptography_STACK_OF_ASN1_OBJECT *", sk)
         assert sk != self._backend._ffi.NULL
         sk = self._backend._ffi.gc(sk, self._backend._lib.sk_ASN1_OBJECT_free)
         num = self._backend._lib.sk_ASN1_OBJECT_num(sk)
	diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
	index dd2aba6..4f53f73 100644
	--- a/src/cryptography/hazmat/backends/openssl/x509.py
	+++ b/src/cryptography/hazmat/backends/openssl/x509.py
	@@ -259,7 +259,9 @@ class _Certificate(object):
	raise x509.DuplicateExtension(
	"Duplicate {0} extension found".format(oid), oid
	)
	- elif oid == x509.OID_BASIC_CONSTRAINTS:
	+
	+ ext = self._backend._lib.X509V3_EXT_d2i(ext)
	+ if oid == x509.OID_BASIC_CONSTRAINTS:
	value = self._build_basic_constraints(ext)
	elif oid == x509.OID_SUBJECT_KEY_IDENTIFIER:
	value = self._build_subject_key_identifier(ext)
	@@ -283,8 +285,7 @@ class _Certificate(object):

	return x509.Extensions(extensions)

	- def _build_basic_constraints(self, ext):
	- bc_st = self._backend._lib.X509V3_EXT_d2i(ext)
	+ def _build_basic_constraints(self, bc_st):
	assert bc_st != self._backend._ffi.NULL
	basic_constraints = self._backend._ffi.cast(
	"BASIC_CONSTRAINTS *", bc_st
	@@ -308,8 +309,7 @@ class _Certificate(object):

	return x509.BasicConstraints(ca, path_length)

	- def _build_subject_key_identifier(self, ext):
	- asn1_string = self._backend._lib.X509V3_EXT_d2i(ext)
	+ def _build_subject_key_identifier(self, asn1_string):
	assert asn1_string != self._backend._ffi.NULL
	asn1_string = self._backend._ffi.cast(
	"ASN1_OCTET_STRING *", asn1_string
	@@ -321,8 +321,7 @@ class _Certificate(object):
	self._backend._ffi.buffer(asn1_string.data, asn1_string.length)[:]
	)

	- def _build_key_usage(self, ext):
	- bit_string = self._backend._lib.X509V3_EXT_d2i(ext)
	+ def _build_key_usage(self, bit_string):
	assert bit_string != self._backend._ffi.NULL
	bit_string = self._backend._ffi.cast("ASN1_BIT_STRING *", bit_string)
	bit_string = self._backend._ffi.gc(
	@@ -350,10 +349,8 @@ class _Certificate(object):
	decipher_only
	)

	- def _build_subject_alt_name(self, ext):
	- gns = self._backend._ffi.cast(
	- "GENERAL_NAMES *", self._backend._lib.X509V3_EXT_d2i(ext)
	- )
	+ def _build_subject_alt_name(self, gns):
	+ gns = self._backend._ffi.cast("GENERAL_NAMES *", gns)
	assert gns != self._backend._ffi.NULL
	gns = self._backend._ffi.gc(gns, self._backend._lib.GENERAL_NAMES_free)
	num = self._backend._lib.sk_GENERAL_NAME_num(gns)
	@@ -368,11 +365,8 @@ class _Certificate(object):

	return x509.SubjectAlternativeName(general_names)

	- def _build_extended_key_usage(self, ext):
	- sk = self._backend._ffi.cast(
	- "Cryptography_STACK_OF_ASN1_OBJECT *",
	- self._backend._lib.X509V3_EXT_d2i(ext)
	- )
	+ def _build_extended_key_usage(self, sk):
	+ sk = self._backend._ffi.cast("Cryptography_STACK_OF_ASN1_OBJECT *", sk)
	assert sk != self._backend._ffi.NULL
	sk = self._backend._ffi.gc(sk, self._backend._lib.sk_ASN1_OBJECT_free)
	num = self._backend._lib.sk_ASN1_OBJECT_num(sk)