diff --git a/python-cryptography-enable-gost.patch b/python-cryptography-enable-gost.patch
new file mode 100644
index 0000000..ce39348
--- /dev/null
+++ b/python-cryptography-enable-gost.patch
@@ -0,0 +1,28 @@
+Index: cryptography-1.3.4/tests/hazmat/backends/test_openssl.py
+===================================================================
+--- cryptography-1.3.4.orig/tests/hazmat/backends/test_openssl.py
++++ cryptography-1.3.4/tests/hazmat/backends/test_openssl.py
+@@ -657,23 +657,3 @@ class TestRSAPEMSerialization(object):
+                 serialization.PrivateFormat.PKCS8,
+                 serialization.BestAvailableEncryption(password)
+             )
+-
+-
+-class TestGOSTCertificate(object):
+-    @pytest.mark.skipif(
+-        backend._lib.OPENSSL_VERSION_NUMBER < 0x1000000f,
+-        reason="Requires a newer OpenSSL. Must be >= 1.0.0"
+-    )
+-    def test_numeric_string_x509_name_entry(self):
+-        cert = _load_cert(
+-            os.path.join("x509", "e-trust.ru.der"),
+-            x509.load_der_x509_certificate,
+-            backend
+-        )
+-        with pytest.raises(ValueError) as exc:
+-            cert.subject
+-
+-        # We assert on the message in this case because if the certificate
+-        # fails to load it will also raise a ValueError and this test could
+-        # erroneously pass.
+-        assert str(exc.value) == "Unsupported ASN1 string type. Type: 18"
diff --git a/python-cryptography.changes b/python-cryptography.changes
index b9fe318..006627e 100644
--- a/python-cryptography.changes
+++ b/python-cryptography.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Sep 26 06:26:21 UTC 2016 - meissner@suse.com
+
+- python-cryptography-enable-gost.patch: temporary patch
+  to run tests against 1.0.2i, GOST cert extraction now works.
+
 -------------------------------------------------------------------
 Sun Jul 17 15:07:04 UTC 2016 - matwey.kornilov@gmail.com
 
diff --git a/python-cryptography.spec b/python-cryptography.spec
index 1e29b22..79f39aa 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -30,6 +30,10 @@ Source3:        https://pypi.io/packages/source/c/cryptography_vectors/cryptogra
 Source4:        https://pypi.io/packages/source/c/cryptography_vectors/cryptography_vectors-%{version}.tar.gz.asc
 # PATCH-FIX-SLE disable-uneven-sizes-tests.patch bnc#944204
 Patch1:         disable-uneven-sizes-tests.patch
+
+# PATCH-UPSTREAM: extract from upstream commit 8b8d51b752729f7237bb51274ccf158cbb4cfce0
+Patch2:         python-cryptography-enable-gost.patch
+
 BuildRequires:  libopenssl-devel
 BuildRequires:  pkg-config
 BuildRequires:  python-cffi >= 1.1.0
@@ -57,8 +61,8 @@ Requires:       python-enum34
 Requires:       python-idna >= 2.0
 Requires:       python-ipaddress
 Requires:       python-pyasn1 >= 0.1.8
-Requires:       python-six >= 1.4.1
 Requires:       python-setuptools >= 11.3
+Requires:       python-six >= 1.4.1
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -75,6 +79,9 @@ functions.
 %prep
 %setup -q -n cryptography-%{version}
 
+# remove if new upstream release is added (fixed upstream already)
+%patch2 -p1
+
 # prepare vectors module
 tar xvzf %{SOURCE3}