Merge remote-tracking branch 'upstream/master' into cert-builder

3 files changed, 29 insertions, 17 deletions

diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index ea44a46c..d400e662 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -233,6 +233,8 @@ Custom X.509 Vectors
 * ``cp_user_notice_no_explicit_text.pem`` - An RSA 2048 bit self-signed
   certificate containing a certificate policies extension with a user notice
   with no explicit text.
+* ``cp_invalid.pem`` - An RSA 2048 bit self-signed certificate containing a
+  certificate policies extension with invalid data.
 * ``ian_uri.pem`` - An RSA 2048 bit certificate containing an issuer
   alternative name extension with a ``URI`` general name.
 * ``ocsp_nocheck.pem`` - An RSA 2048 bit self-signed certificate containing
diff --git a/docs/installation.rst b/docs/installation.rst
index 96e1e8de..becab6b0 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -45,28 +45,18 @@ dependencies are included. Just run
     $ pip install cryptography
 
 If you prefer to compile it yourself you'll need to have OpenSSL installed.
-There are `pre-compiled binaries`_ available. If your installation is in an
-unusual location set the ``LIB`` and ``INCLUDE`` environment variables to
-include the corresponding locations.For example:
+You can compile OpenSSL yourself as well or use the binaries we build for our
+release infrastructure (`32-bit`_ and `64-bit`_). Wherever you place your copy
+of OpenSSL you'll need to set the ``LIB`` and ``INCLUDE`` environment variables
+to include the proper locations. For example:
 
 .. code-block:: console
 
     C:\> \path\to\vcvarsall.bat x86_amd64
-    C:\> set LIB=C:\OpenSSL\lib\VC\static;C:\OpenSSL\lib;%LIB%
-    C:\> set INCLUDE=C:\OpenSSL\include;%INCLUDE%
+    C:\> set LIB=C:\OpenSSL-win64\lib;%LIB%
+    C:\> set INCLUDE=C:\OpenSSL-win64\include;%INCLUDE%
     C:\> pip install cryptography
 
-You can also choose to build statically or dynamically using the
-``PYCA_WINDOWS_LINK_TYPE`` variable. Allowed values are ``static`` (default)
-and ``dynamic``.
-
-.. code-block:: console
-
-    C:\> \path\to\vcvarsall.bat x86_amd64
-    C:\> set LIB=C:\OpenSSL\lib\VC\static;C:\OpenSSL\lib;%LIB%
-    C:\> set INCLUDE=C:\OpenSSL\include;%INCLUDE%
-    C:\> set PYCA_WINDOWS_LINK_TYPE=dynamic
-    C:\> pip install cryptography
 
 Building cryptography on Linux
 ------------------------------
@@ -186,6 +176,7 @@ information, consult `Greg Wilson's blog post`_ on the subject.
 
 .. _`Homebrew`: http://brew.sh
 .. _`MacPorts`: http://www.macports.org
-.. _`pre-compiled binaries`: https://www.openssl.org/related/binaries.html
+.. _`32-bit`: https://jenkins.cryptography.io/job/openssl-win32-release/
+.. _`64-bit`: https://jenkins.cryptography.io/job/openssl-win64-release/
 .. _`bug in conda`: https://github.com/conda/conda-recipes/issues/110
 .. _`Greg Wilson's blog post`: http://software-carpentry.org/blog/2014/04/mr-biczo-was-right.html
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 5e58886f..799126b9 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -565,6 +565,25 @@ X.509 CSR (Certificate Signing Request) Object
             >>> isinstance(csr.signature_hash_algorithm, hashes.SHA1)
             True
 
+    .. attribute:: extensions
+
+        :type: :class:`Extensions`
+
+        The extensions encoded in the certificate signing request.
+
+        :raises cryptography.x509.DuplicateExtension: If more than one
+            extension of the same type is found within the certificate signing request.
+
+        :raises cryptography.x509.UnsupportedExtension: If the certificate signing request
+            contains an extension that is not supported.
+
+        :raises cryptography.x509.UnsupportedGeneralNameType: If an extension
+            contains a general name that is not supported.
+
+        :raises UnicodeError: If an extension contains IDNA encoding that is
+            invalid or not compliant with IDNA 2008.
+
+
     .. method:: public_bytes(encoding)
 
         .. versionadded:: 1.0