diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-03-21 09:50:24 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-03-21 09:50:24 -0500 |
commit | 8cf26425504d22dbcf463ff702a167cbe3567e6a (patch) | |
tree | f3ba09fa8e195bcbc471272ce15a5f30ad95b922 /docs | |
parent | 80fa2a291ef391e7c52d035e444af85877789c15 (diff) | |
download | cryptography-8cf26425504d22dbcf463ff702a167cbe3567e6a.tar.gz cryptography-8cf26425504d22dbcf463ff702a167cbe3567e6a.tar.bz2 cryptography-8cf26425504d22dbcf463ff702a167cbe3567e6a.zip |
basic constraints class & extensions interface
Diffstat (limited to 'docs')
-rw-r--r-- | docs/x509.rst | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/docs/x509.rst b/docs/x509.rst index 27f1d544..89265df2 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -273,6 +273,49 @@ X.509 Certificate Object The dotted string value of the OID (e.g. ``"2.5.4.3"``) +X.509 Extensions +~~~~~~~~~~~~~~~~ + +.. class:: Extension + + .. versionadded:: 0.9 + + All X.509 extensions are registered against this interface. + + .. attribute:: critical + + :type: bool + + Determines whether a given extension is critical or not. + +.. class:: BasicConstraints + + .. versionadded:: 0.9 + + Basic constraints is an X.509 extension that defines whether a given + certificate is allowed to sign additional certificates and what path + length restrictions may exist. + + .. attribute:: ca + + :type: bool + + Whether the certificate can sign certificates. + + .. attribute:: path_length + + :type: int, None + + The maximum path length for certificates subordinate to this + certificate. This attribute only has meaning if ``ca`` is true. + If ``ca`` is true then a path length of None means there's no + restriction on the number of subordinate CAs in the certificate chain. + If it is zero or greater then that number defines the maximum length. + For example, a ``path_length`` of 1 means the certificate can sign a + subordinate CA, but the subordinate CA is not allowed to create + ``ca`` true certificates. + + Object Identifiers ~~~~~~~~~~~~~~~~~~ |