aboutsummaryrefslogtreecommitdiffstats
path: root/docs/x509
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-08-31 10:47:56 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2018-08-31 10:47:56 -0400
commit0f629bbdbb7ff595bffe43209490cc2647763fd3 (patch)
tree40a0c92380cb77bdefc0828b12e6ebfdeb3404ca /docs/x509
parent5a54f1aec2d9b739c95ed862661efe7b8ff75d31 (diff)
downloadcryptography-0f629bbdbb7ff595bffe43209490cc2647763fd3.tar.gz
cryptography-0f629bbdbb7ff595bffe43209490cc2647763fd3.tar.bz2
cryptography-0f629bbdbb7ff595bffe43209490cc2647763fd3.zip
refactor ocsp request parsing and generation to support only one cert (#4439)
* refactor ocsp request parsing and generation to support only one cert * small doc change * notimplementederror
Diffstat (limited to 'docs/x509')
-rw-r--r--docs/x509/ocsp.rst42
1 files changed, 17 insertions, 25 deletions
diff --git a/docs/x509/ocsp.rst b/docs/x509/ocsp.rst
index afbb2ef7..80abf166 100644
--- a/docs/x509/ocsp.rst
+++ b/docs/x509/ocsp.rst
@@ -97,8 +97,7 @@ Loading Requests
>>> from cryptography.x509 import ocsp
>>> ocsp_req = ocsp.load_der_ocsp_request(der_ocsp_req)
- >>> for request in ocsp_req:
- ... print(request.serial_number)
+ >>> print(ocsp_req.serial_number)
872625873161273451176241581705670534707360122361
@@ -113,10 +112,10 @@ Creating Requests
objects.
- .. method:: add_request(cert, issuer, algorithm)
+ .. method:: add_certificate(cert, issuer, algorithm)
Adds a request using a certificate, issuer certificate, and hash
- algorithm.
+ algorithm. This can only be called once.
:param cert: The :class:`~cryptography.x509.Certificate` whose validity
is being checked.
@@ -141,15 +140,16 @@ Creating Requests
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives import serialization
- >>> from cryptography.hazmat.primitives.hashes import SHA256
+ >>> from cryptography.hazmat.primitives.hashes import SHA1
>>> from cryptography.x509 import load_pem_x509_certificate, ocsp
>>> cert = load_pem_x509_certificate(pem_cert, default_backend())
>>> issuer = load_pem_x509_certificate(pem_issuer, default_backend())
>>> builder = ocsp.OCSPRequestBuilder()
- >>> builder = builder.add_request(cert, issuer, SHA256())
+ >>> # SHA1 is in this example because RFC 5019 mandates its use.
+ >>> builder = builder.add_certificate(cert, issuer, SHA1())
>>> req = builder.build()
>>> base64.b64encode(req.public_bytes(serialization.Encoding.DER))
- b'MF8wXTBbMFkwVzANBglghkgBZQMEAgEFAAQgn3BowBaoh77h17ULfkX6781dUDPD82Taj8wO1jZWhZoEINxPgjoQth3w7q4AouKKerMxIMIuUG4EuWU2pZfwih52AgI/IA=='
+ b'MEMwQTA/MD0wOzAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kCAj8g'
Interfaces
@@ -159,24 +159,8 @@ Interfaces
.. versionadded:: 2.4
- An ``OCSPRequest`` is an iterable containing one or more
- :class:`~cryptography.x509.ocsp.Request` objects.
-
- .. method:: public_bytes(encoding)
-
- :param encoding: The encoding to use. Only
- :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`
- is supported.
-
- :return bytes: The serialized OCSP request.
-
-.. class:: Request
-
- .. versionadded:: 2.4
-
- A ``Request`` contains several attributes that create a unique identifier
- for a certificate whose status is being checked. It may also contain
- additional extensions (currently unsupported).
+ An ``OCSPRequest`` is an object containing information about a certificate
+ whose status is being checked.
.. attribute:: issuer_key_hash
@@ -205,3 +189,11 @@ Interfaces
:type: int
The serial number of the certificate to check.
+
+ .. method:: public_bytes(encoding)
+
+ :param encoding: The encoding to use. Only
+ :attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`
+ is supported.
+
+ :return bytes: The serialized OCSP request.