author: Paul Kehrer <paul.l.kehrer@gmail.com> 2018-09-09 21:57:21 -0500
committer: Alex Gaynor <alex.gaynor@gmail.com> 2018-09-09 22:57:21 -0400
commit: 09403100de2f6f1cdd0d484dcb8e620f1c335c8f
tree: f128b1a1c5ad82e4c372091758fa65b6d6f1ed3b /docs/x509
parent: 15827f1fcb7459aac7dbe43c373a826f69a09c0c
OCSP request extension parsing (#4464)
* add OCSP request parsing support with OCSPNonce
* add docs
* reprs man
* make extensions a cached property
Diffstat (limited to 'docs/x509')
-rw-r--r-- docs/x509/ocsp.rst 6
-rw-r--r-- docs/x509/reference.rst 33
2 files changed, 39 insertions, 0 deletions
diff --git a/docs/x509/ocsp.rst b/docs/x509/ocsp.rst
index b706b323..163a6a8a 100644
--- a/docs/x509/ocsp.rst
+++ b/docs/x509/ocsp.rst
@@ -190,6 +190,12 @@ Interfaces
The serial number of the certificate to check.
+ .. attribute:: extensions
+
+ :type: :class:`~cryptography.x509.Extensions`
+
+ The extensions encoded in the request.
+
.. method:: public_bytes(encoding)
:param encoding: The encoding to use. Only
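Review bot: The new `extensions` attribute is documented only as "The extensions encoded in the request.", which leaves open what a caller gets back when the request carries no extensions and how extension types other than the nonce are surfaced. Suggest stating both in this entry and cross-referencing the OCSPNonce class that this commit documents in reference.rst, since that is the one extension the commit message names as supported.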
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index ede08aa5..079fef92 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -2432,6 +2432,30 @@ These extensions are only valid within a :class:`RevokedCertificate` object.
:type: :class:`datetime.datetime`
+OCSP Extensions
+~~~~~~~~~~~~~~~
+
+.. class:: OCSPNonce(nonce)
+
+ .. versionadded:: 2.4
+
+ OCSP nonce is an extension that is only valid inside
+ :class:`~cryptography.x509.ocsp.OCSPRequest` and
+ :class:`~cryptography.x509.ocsp.OCSPResponse` objects. The nonce
+ cryptographically binds a request and a response to prevent replay attacks.
+ In practice nonces are rarely used in OCSP due to the desire to precompute
+ OCSP responses at large scale.
+
+ .. attribute:: oid
+
+ :type: :class:`ObjectIdentifier`
+
+ Returns
+ :attr:`~cryptography.x509.oid.OCSPExtensionOID.NONCE`.
+
+ .. attribute:: nonce
+
+ :type: bytes
Object Identifiers
~~~~~~~~~~~~~~~~~~
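Review bot: The `nonce` attribute at the end of the OCSPNonce entry has only `:type: bytes` and no description, while `oid` just above it says what it returns; the `nonce` argument in `OCSPNonce(nonce)` is likewise undocumented. Suggest adding a sentence for the attribute and a parameter line for the constructor. The class text says the nonce binds a request and a response to prevent replay, but it does not say whether the library or the caller compares the two values; a sentence making that explicit would help readers who rely on it for replay protection.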
@@ -2854,6 +2878,15 @@ instances. The following common OIDs are available as constants.
Corresponds to the dotted string ``"2.5.29.24"``.
+
+.. class:: OCSPExtensionOID
+
+ .. versionadded:: 2.4
+
+ .. attribute:: NONCE
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.2"``.
+
Helper Functions
~~~~~~~~~~~~~~~~
.. currentmodule:: cryptography.x509
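Review bot: The OCSPExtensionOID entry carries a `versionadded` directive but no description, and `NONCE` gives only the dotted string. Suggest a one-line class description and a cross-reference from `NONCE` to the OCSPNonce class, mirroring how the `oid` attribute of OCSPNonce already points back at `OCSPExtensionOID.NONCE`.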