diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2016-02-26 21:01:29 -0500 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-02-26 21:01:29 -0500 |
commit | c96ef9d5cd028e13186787d484bd7abba6f67906 (patch) | |
tree | 0b94ca1cd30b9b13344be05c6189a3fcd81149db /docs/x509/reference.rst | |
parent | cce46b1c88d1d0aed63540a7bce309863c0f4f41 (diff) | |
parent | 648c0fb14b762bd79243644ad5fcde586b94e098 (diff) | |
download | cryptography-c96ef9d5cd028e13186787d484bd7abba6f67906.tar.gz cryptography-c96ef9d5cd028e13186787d484bd7abba6f67906.tar.bz2 cryptography-c96ef9d5cd028e13186787d484bd7abba6f67906.zip |
Merge pull request #2733 from reaperhulk/policy-constraints
add policy constraints class
Diffstat (limited to 'docs/x509/reference.rst')
-rw-r--r-- | docs/x509/reference.rst | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 8bb3f40d..529578ba 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -1860,6 +1860,44 @@ X.509 Extensions :type: int +.. class:: PolicyConstraints + + .. versionadded:: 1.3 + + The policy constraints extension is used to inhibit policy mapping or + require that each certificate in a chain contain an acceptable policy + identifier. For more information about the use of this extension see + :rfc:`5280`. + + .. attribute:: oid + + :type: :class:`ObjectIdentifier` + + Returns :attr:`~cryptography.x509.oid.ExtensionOID.POLICY_CONSTRAINTS`. + + .. attribute:: require_explicit_policy + + :type: int or None + + If this field is not None, the value indicates the number of additional + certificates that may appear in the chain before an explicit policy is + required for the entire path. When an explicit policy is required, it + is necessary for all certificates in the chain to contain an acceptable + policy identifier in the certificate policies extension. An + acceptable policy identifier is the identifier of a policy required + by the user of the certification path or the identifier of a policy + that has been declared equivalent through policy mapping. + + .. attribute:: inhibit_policy_mapping + + :type: int or None + + If this field is not None, the value indicates the number of additional + certificates that may appear in the chain before policy mapping is no + longer permitted. For example, a value of one indicates that policy + mapping may be processed in certificates issued by the subject of this + certificate, but not in additional certificates in the chain. + .. class:: CRLNumber(crl_number) .. versionadded:: 1.2 @@ -2392,6 +2430,12 @@ instances. The following common OIDs are available as constants. the ``CRLNumber`` extension type. This extension only has meaning for certificate revocation lists. + .. attribute:: POLICY_CONSTRAINTS + + Corresponds to the dotted string ``"2.5.29.36"``. The identifier for the + :class:`~cryptography.x509.PolicyConstraints` extension type. + + .. class:: CRLEntryExtensionOID .. versionadded:: 1.2 |