aboutsummaryrefslogtreecommitdiffstats
path: root/src/cryptography
diff options
context:
space:
mode:
Diffstat (limited to 'src/cryptography')
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py19
-rw-r--r--src/cryptography/x509/base.py7
2 files changed, 26 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 9637fc0e..b870eeb7 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -16,6 +16,9 @@ from cryptography.hazmat.backends.openssl.decode_asn1 import (
_REVOKED_CERTIFICATE_EXTENSION_PARSER, _asn1_integer_to_int,
_asn1_string_to_bytes, _decode_x509_name, _obj2txt, _parse_asn1_time
)
+from cryptography.hazmat.backends.openssl.encode_asn1 import (
+ _encode_asn1_int_gc
+)
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
@@ -235,6 +238,22 @@ class _CertificateRevocationList(object):
h.update(der)
return h.finalize()
+ def get_revoked_certificate_by_serial_number(self, serial_number):
+ revoked = self._backend._ffi.new("X509_REVOKED **")
+ asn1_int = _encode_asn1_int_gc(self._backend, serial_number)
+ res = self._backend._lib.X509_CRL_get0_by_serial(
+ self._x509_crl, revoked, asn1_int
+ )
+ if res == 0:
+ return None
+ else:
+ self._backend.openssl_assert(
+ revoked[0] != self._backend._ffi.NULL
+ )
+ return _RevokedCertificate(
+ self._backend, self._x509_crl, revoked[0]
+ )
+
@property
def signature_hash_algorithm(self):
oid = self.signature_algorithm_oid
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 45b603f0..b14499c9 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -189,6 +189,13 @@ class CertificateRevocationList(object):
Returns bytes using digest passed.
"""
+ @abc.abstractmethod
+ def get_revoked_certificate_by_serial_number(self, serial_number):
+ """
+ Returns an instance of RevokedCertificate or None if the serial_number
+ is not in the CRL.
+ """
+
@abc.abstractproperty
def signature_hash_algorithm(self):
"""
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-02 21:10:52 +0000