diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-05-18 10:28:31 -0700 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-05-18 10:29:37 -0700 |
| commit | 4a1038e0742c720a6046f9bb20f1156ce8624c6b (patch) | |
| tree | 4a0131b350997b33e26e8878bbfb0360a631de41 /docs/x509.rst | |
| parent | 0b0179f7311162084f2b8dc6a028e301ca2eb7b2 (diff) | |
| download | cryptography-4a1038e0742c720a6046f9bb20f1156ce8624c6b.tar.gz cryptography-4a1038e0742c720a6046f9bb20f1156ce8624c6b.tar.bz2 cryptography-4a1038e0742c720a6046f9bb20f1156ce8624c6b.zip | |
add ocsp no check
Diffstat (limited to 'docs/x509.rst')
| -rw-r--r-- | docs/x509.rst | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/docs/x509.rst b/docs/x509.rst index 850e3df1..3f1af86c 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -699,6 +699,19 @@ X.509 Extensions purposes indicated in the key usage extension. The object is iterable to obtain the list of :ref:`extended key usage OIDs <eku_oids>`. +.. class:: OCSPNoCheck + + .. versionadded:: 0.10 + + This presence of this extension indicates that an OCSP client can trust a + responder for the lifetime of the responder's certificate. CAs issuing + such a certificate should realize that a compromise of the responder's key + is as serious as the compromise of a CA key used to sign CRLs, at least for + the validity period of this certificate. CA's may choose to issue this type + of certificate with a very short lifetime and renew it frequently. This + extension is only relevant when the certificate is an authorized OCSP + responder. + .. class:: AuthorityKeyIdentifier .. versionadded:: 0.9 @@ -1235,6 +1248,11 @@ Extension OIDs Corresponds to the dotted string ``"1.3.6.1.5.5.7.1.1"``. The identifier for the :class:`AuthorityInformationAccess` extension type. +.. data:: OID_OCSP_NO_CHECK + + Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.5"``. The identifier + for the :class:`OCSPNoCheck` extension type. + Exceptions ~~~~~~~~~~ |