author: Alex Gaynor <alex.gaynor@gmail.com> 2015-03-23 21:49:25 -0500
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-03-23 21:49:25 -0500
commit: 8c8ee123cbe76fc7cdfca9c9313b16e11059b511 (patch)
tree: ff769206a473cd59c12979efc4530b7cf2c7e191 /docs
parent: a1f968aec9fa396739fbe0280c60262a8fbb6675 (diff)
parent: 5553d576f3bc3f65b84de99a2561360f82fc110f (diff)
Merge pull request #1768 from reaperhulk/basic-constraints
basic constraints class & extensions interface
Diffstat (limited to 'docs')
-rw-r--r-- docs/x509.rst 65
1 files changed, 65 insertions, 0 deletions
diff --git a/docs/x509.rst b/docs/x509.rst
index 27f1d544..13218914 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -273,6 +273,61 @@ X.509 Certificate Object
The dotted string value of the OID (e.g. ``"2.5.4.3"``)
+X.509 Extensions
+~~~~~~~~~~~~~~~~
+
+.. class:: Extension
+
+ .. versionadded:: 0.9
+
+ .. attribute:: oid
+
+ :type: :class:`ObjectIdentifier`
+
+ The :ref:`extension OID <extension_oids>`.
+
+ .. attribute:: critical
+
+ :type: bool
+
+ Determines whether a given extension is critical or not. :rfc:`5280`
+ requires that "A certificate-using system MUST reject the certificate
+ if it encounters a critical extension it does not recognize or a
+ critical extension that contains information that it cannot process".
+
+ .. attribute:: value
+
+ Returns an instance of the extension type corresponding to the OID.
+
+.. class:: BasicConstraints
+
+ .. versionadded:: 0.9
+
+ Basic constraints is an X.509 extension type that defines whether a given
+ certificate is allowed to sign additional certificates and what path
+ length restrictions may exist. It corresponds to
+ :data:`OID_BASIC_CONSTRAINTS`.
+
+ .. attribute:: ca
+
+ :type: bool
+
+ Whether the certificate can sign certificates.
+
+ .. attribute:: path_length
+
+ :type: int or None
+
+ The maximum path length for certificates subordinate to this
+ certificate. This attribute only has meaning if ``ca`` is true.
+ If ``ca`` is true then a path length of None means there's no
+ restriction on the number of subordinate CAs in the certificate chain.
+ If it is zero or greater then that number defines the maximum length.
+ For example, a ``path_length`` of 1 means the certificate can sign a
+ subordinate CA, but the subordinate CA is not allowed to create
+ subordinates with ``ca`` set to true.
+
+
Object Identifiers
~~~~~~~~~~~~~~~~~~
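Review bot: the ``value`` attribute of ``Extension`` has no ``:type:`` line and does not say what a caller gets when the OID has no corresponding extension type. The ``critical`` text just above quotes the :rfc:`5280` rule that a certificate with an unrecognized critical extension must be rejected, so the docs should state whether ``value`` raises or returns something generic in that case, and whether rejecting the certificate is left to the caller. The ``Extension`` class itself also has no one-line description, unlike ``BasicConstraints``. Separately, ``path_length`` says it "only has meaning if ``ca`` is true" but does not say what value the attribute holds when ``ca`` is false; one sentence on that would stop callers from reading a constraint into it.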
@@ -430,6 +485,16 @@ Signature Algorithm OIDs
Corresponds to the dotted string ``2.16.840.1.101.3.4.3.2"``. This is
a SHA256 digest signed by a DSA key.
+.. _extension_oids:
+
+Extension OIDs
+~~~~~~~~~~~~~~
+
+.. data:: OID_BASIC_CONSTRAINTS
+
+ Corresponds to the dotted string ``"2.5.29.19"``. The identifier for the
+ :class:`BasicConstraints` extension type.
+
Exceptions
~~~~~~~~~~
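Review bot: the context line directly above the new section reads ``2.16.840.1.101.3.4.3.2"`` with a closing quote and no opening one, while the added ``OID_BASIC_CONSTRAINTS`` entry writes ``"2.5.29.19"`` with both. Since this patch establishes the quoted form next to that line, fix the unbalanced quote here or in a follow-up so the OID entries render consistently. The ``OID_BASIC_CONSTRAINTS`` entry could also carry a ``.. versionadded:: 0.9`` line to match the ``Extension`` and ``BasicConstraints`` classes added in the first hunk.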