author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-09-11 09:16:34 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-09-10 21:16:34 -0400 |
commit | 5d66966032a1efbcbf093804a19951f399c2a6eb (patch) | |
tree | d769399c9c7f3e3a81fb199e89af8167bd28339f /docs/x509 | |
parent | d4bde9ce6668bb019f9c9db4cd26280e6cf7fa21 (diff) | |
[WIP] add support for the TLSFeature extension in x509 (#3899)
* add support for the TLSFeature extension in x509
This extension is used for OCSP Must-Staple.
* fix changelog link
* pep8
* refactor to support the sequence properly and add status_request_v2
* update some language
* add test vector, implement eq/ne/hash on TLSFeature
* address review comments
Diffstat (limited to 'docs/x509')
-rw-r--r-- | docs/x509/reference.rst | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 5e1c95c4..f07272a6 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -1606,6 +1606,45 @@ X.509 Extensions Returns :attr:`~cryptography.x509.oid.ExtensionOID.OCSP_NO_CHECK`. + +.. class:: TLSFeature(features) + + .. versionadded:: 2.1 + + The TLS Feature extension is defined in :rfc:`7633` and is used in + certificates for OCSP Must-Staple. The object is iterable to get every + element. + + :param list features: A list of features to enable from the + :class:`~cryptography.x509.TLSFeatureType` enum. At this time only + ``status_request`` or ``status_request_v2`` are allowed. + + .. attribute:: oid + + :type: :class:`ObjectIdentifier` + + Returns :attr:`~cryptography.x509.oid.ExtensionOID.TLS_FEATURE`. + +.. class:: TLSFeatureType + + .. versionadded:: 2.1 + + An enumeration of TLS Feature types. + + .. attribute:: status_request + + This feature type is defined in :rfc:`6066` and, when embedded in + an X.509 certificate, signals to the client that it should require + a stapled OCSP response in the TLS handshake. Commonly known as OCSP + Must-Staple in certificates. + + .. attribute:: status_request_v2 + + This feature type is defined in :rfc:`6961`. This value is not + commonly used and if you want to enable OCSP Must-Staple you should + use ``status_request``. + + .. class:: NameConstraints(permitted_subtrees, excluded_subtrees) .. versionadded:: 1.0 @@ -2673,6 +2712,12 @@ instances. The following common OIDs are available as constants. identifier for the :class:`~cryptography.x509.OCSPNoCheck` extension type. + .. attribute:: TLS_FEATURE + + Corresponds to the dotted string ``"1.3.6.1.5.5.7.1.24"``. The + identifier for the :class:`~cryptography.x509.TLSFeature` extension + type. + .. attribute:: CRL_NUMBER Corresponds to the dotted string ``"2.5.29.20"``. The identifier for |
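Review bot: In the hunk at @@ -1606, the `TLSFeature` entry says "The object is iterable to get every element" without saying what the elements are, and the `features` parameter does not document what happens when the list is empty or contains something other than a `TLSFeatureType` member. Suggest stating that iteration yields the `TLSFeatureType` members passed in `features`, and adding a line that names the exception raised for invalid input. The commit message mentions eq/ne/hash on `TLSFeature`, but the entry documents only `oid`; a sentence on comparison behaviour would help anyone who checks for this extension by equality.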
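Review bot: In the hunk at @@ -2673, the new `TLS_FEATURE` attribute gives the dotted string ``"1.3.6.1.5.5.7.1.24"`` with no pointer to where that OID is defined. The `TLSFeature` class entry added earlier in this patch cites :rfc:`7633`; repeating that reference here would let a reader verify the value from the constants list without having to follow the class link first.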