| -rw-r--r-- | docs/x509/reference.rst | 16 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 18 | ||||
| -rw-r--r-- | src/cryptography/x509.py | 5 | 
3 files changed, 10 insertions, 29 deletions
| diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 65e3880d..b6c2f8a8 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -393,10 +393,6 @@ X.509 Certificate Builder  .. class:: CertificateBuilder -    .. method:: __init__() - -        Creates an empty certificate (version 1). -      .. method:: set_version(version)          Sets the X.509 version that will be used in the certificate. @@ -404,27 +400,27 @@ X.509 Certificate Builder          :param version: The :class:`~cryptography.x509.Version` that will be              used by the certificate. -    .. method:: set_issuer_name(name) +    .. method:: issuer_name(name)          Sets the issuer's distinguished name.          :param public_key: The :class:`~cryptography.x509.Name` that describes              the issuer (CA). -    .. method:: set_subject_name(name) +    .. method:: subject_name(name)          Sets the subject's distinguished name.          :param public_key: The :class:`~cryptography.x509.Name` that describes              the subject (requester). -    .. method:: set_public_key(public_key) +    .. method:: public_key(public_key)          Sets the subject's public key.          :param public_key: The subject's public key. -    .. method:: set_serial_number(serial_number) +    .. method:: serial_number(serial_number)          Sets the certificate's serial number (an integer).  The CA's policy          determines how it attributes serial numbers to certificates.  The only @@ -435,7 +431,7 @@ X.509 Certificate Builder              identify this certificate (most notably during certificate              revocation checking). -    .. method:: set_not_valid_before(time) +    .. method:: not_valid_before(time)          Sets the certificate's activation time.  This is the time from which          clients can start trusting the certificate.  It may be different from 
@@ -445,7 +441,7 @@ X.509 Certificate Builder              activation time for the certificate.  The certificate may not be              trusted clients if it is used before this time. -    .. method:: set_not_valid_after(time) +    .. method:: not_valid_after(time)          Sets the certificate's expiration time.  This is the time from which          clients should no longer trust the certificate.  The CA's policy will diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 04f631f9..1c912e6c 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -95,22 +95,6 @@ def _encode_asn1_str_gc(backend, data, length):      return s -def _make_asn1_int(backend, x): -    i = backend._lib.ASN1_INTEGER_new() -    # i = backend._ffi.gc(i, backend._lib.ASN1_INTEGER_free) -    backend._lib.ASN1_INTEGER_set(i, x) -    return i - - -def _make_asn1_str(backend, x, n=None): -    if n is None: -        n = len(x) -    s = backend._lib.ASN1_OCTET_STRING_new() -    # s = backend._ffi.gc(s, backend._lib.ASN1_OCTET_STRING_free) -    backend._lib.ASN1_OCTET_STRING_set(s, x, n) -    return s - -  def _encode_name(backend, attributes):      """      The X509_NAME created will not be gc'd. Use _encode_name_gc if needed. @@ -1039,7 +1023,7 @@ class Backend(object):          assert res == 1          # Set the certificate serial number. -        serial_number = _make_asn1_int(self, builder._serial_number) +        serial_number = _encode_asn1_int(self, builder._serial_number)          self._lib.X509_set_serialNumber(x509_cert, serial_number)          # Set the "not before" time. diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index c04b8c9c..a9d4430d 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py 
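Review bot: In the `@@ -1039,7 +1023,7 @@` hunk of backend.py, `self._lib.X509_set_serialNumber(x509_cert, serial_number)` discards its return value, although the preceding step in the same method is followed by `assert res == 1`; if the call fails, the certificate would presumably still be signed without the requested serial. Capture and check the result: `res = self._lib.X509_set_serialNumber(x509_cert, serial_number)` followed by `assert res == 1`. Separately, `_encode_asn1_int` is not defined in this hunk; if it follows the `_encode_name` convention of returning an object that is not gc'd, the integer should be registered with `serial_number = self._ffi.gc(serial_number, self._lib.ASN1_INTEGER_free)`, because X509_set_serialNumber copies its argument rather than taking ownership. The enclosing method starts and ends outside the hunk.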
@@ -1746,6 +1746,7 @@ class CertificateBuilder(object):          """          Signs the certificate using the CA's private key.          """ +        builder = self          if self._version is None: -            self._version = Version.v1 -        return backend.sign_x509_certificate(self, private_key, algorithm) +            builder = self.version(Version.v3) +        return backend.sign_x509_certificate(builder, private_key, algorithm) | 
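Review bot: The fallback to `Version.v3` when no version has been set is not stated in the `sign` docstring, and the reference.rst hunk in this commit removes the only sentence that described a default (version 1) without adding a replacement. Add a line to the docstring such as `If no version was set, the certificate is issued as X.509 v3.` The code here also calls `self.version(...)`, while the unchanged context in reference.rst still documents `set_version(version)`; if that setter was renamed along with the others, the entry needs the same update. The `sign` method begins outside the hunk.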
