aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2019-07-06 19:11:36 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2019-07-06 19:11:36 -0400
commita15986844e3ebd71efb7b8183733dd661ce75768 (patch)
treec6339b96640d07ca0a337f031a67ccaf6226e3e0
parent7b1391bfd4949140432bd003a8e43e32bfe968c5 (diff)
downloadcryptography-a15986844e3ebd71efb7b8183733dd661ce75768.tar.gz
cryptography-a15986844e3ebd71efb7b8183733dd661ce75768.tar.bz2
cryptography-a15986844e3ebd71efb7b8183733dd661ce75768.zip
prevaricate more about anyextendedkeyusage (#4939)
-rw-r--r--docs/x509/reference.rst7
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 38901c7c..7156ab8c 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -2895,7 +2895,12 @@ instances. The following common OIDs are available as constants.
.. versionadded:: 2.0
Corresponds to the dotted string ``"2.5.29.37.0"``. This is used to
- denote that a certificate may be used for _any_ purposes.
+ denote that a certificate may be used for _any_ purposes. However,
+ :rfc:`5280` additionally notes that applications that require the
+ presence of a particular purpose _MAY_ reject certificates that include
+ the ``anyExtendedKeyUsage`` OID but not the particular OID expected for
+ the application. Therefore, the presence of this OID does not mean a
+ given application will accept the certificate for all purposes.
.. class:: AuthorityInformationAccessOID