Frawser Tweedle from Red Hat's identity management team found an issue in PyCA cryptography's handling of buffers for OpenSSL OBJ_obj2txt(). Cryptography fails to handle long OIDs as used by Active Directory.https://github.com/pyca/cryptography/pull/3612/https://bugzilla.redhat.com/show_bug.cgi?id=1455755CPython's ssl module doesn't handle buffer allocation for OBJ_obj2txt() correctly, too. A default buffer size of 255+1 makes the bug less likely to occur, though. We should fix the problem anyway.

Can the common code of _create_tuple_for_attribute() and asn1obj2py() be shared?

IMO it doesn't make sense to share a couple of lines of code. It makes the code even harder to read.

Your PR LGTM. But I think the code can be much simpler.Here is a patch that shares common code and applies other simplifications to surrounded code.PR 1852 increases the total number of lines by 37 lines,issue30502-simpler.diff -- only by 3 lines.PR 1852: 1 file changed, 49 insertions(+), 12 deletions(-)issue30502-simpler.diff: 1 file changed, 46 insertions(+), 43 deletions(-)

New changesete503ca52889bf66ac502702569e726caa7970299 by Christian Heimes (Serhiy Storchaka) in branch 'master':bpo-30502: Fix handling of long oids in ssl. (#2909)https://github.com/python/cpython/commit/e503ca52889bf66ac502702569e726caa7970299

New changesetf201e886fc7aaeb50f5e945578c6aec2a59a5323 by Christian Heimes in branch '3.6':[3.6]bpo-30502: Fix handling of long oids in ssl. (GH-2909) (#3321)https://github.com/python/cpython/commit/f201e886fc7aaeb50f5e945578c6aec2a59a5323

New changesetc9d668c0d8a6f3e8e72345e53d1dd34be172f16e by Christian Heimes in branch '2.7':[2.7]bpo-30502: Fix handling of long oids in ssl. (GH-2909). (#3322)https://github.com/python/cpython/commit/c9d668c0d8a6f3e8e72345e53d1dd34be172f16e