From 5a48552b4b7fc4d108b6d45232769f111fe38896 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 6 May 2015 00:29:12 -0500 Subject: add CRLDistributionPoints and associated classes --- docs/x509.rst | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) (limited to 'docs') diff --git a/docs/x509.rst b/docs/x509.rst index f4ea2a52..9ef8e149 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -781,6 +781,8 @@ X.509 Extensions .. class:: AccessDescription + .. versionadded:: 0.9 + .. attribute:: access_method :type: :class:`ObjectIdentifier` 
@@ -798,6 +800,76 @@ X.509 Extensions Where to access the information defined by the access method. +.. class:: CRLDistributionPoints + + .. versionadded:: 0.9 + + The CRL distribution points extension identifies how CRL information is + obtained. It is an iterable, containing one or more + :class:`DistributionPoint` instances. + +.. class:: DistributionPoint + + .. versionadded:: 0.9 + + .. attribute:: distribution_point + + :type: list of :class:`GeneralName` instances, :class:`Name`, or None + + This field describes methods to retrieve the CRL. + + .. attribute:: crl_issuer + + :type: list of :class:`GeneralName` instances or None + + Information about the issuer of the CRL. + + .. attribute:: reasons + + :type: :class:`ReasonFlags` or None + + The reasons a given distribution point may be used for when performing + revocation checks. + +.. class:: ReasonFlags + + .. versionadded:: 0.9 + + This class holds reasons a distribution point may be used for when + performing revocation checks. + + .. attribute:: key_compromise + + :type: bool + + .. attribute:: ca_compromise + + :type: bool + + .. attribute:: affiliation_changed + + :type: bool + + .. attribute:: superseded + + :type: bool + + .. attribute:: cessation_of_operation + + :type: bool + + .. attribute:: certificate_hold + + :type: bool + + .. attribute:: privilege_withdrawn + + :type: bool + + .. attribute:: aa_compromise + + :type: bool + Object Identifiers ~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 4e8dacd02ec4c4b8238e5ebdfcd5ab26348ec658 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 9 May 2015 10:38:23 -0500 Subject: separate full_name/relative_name and change reasons to an enumeration --- docs/x509.rst | 49 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 14 deletions(-) (limited to 'docs') diff --git a/docs/x509.rst b/docs/x509.rst index 9ef8e149..3cf4f905 100644 --- a/docs/x509.rst +++ b/docs/x509.rst 
@@ -812,11 +812,19 @@ X.509 Extensions .. versionadded:: 0.9 - .. attribute:: distribution_point + .. attribute:: full_name - :type: list of :class:`GeneralName` instances, :class:`Name`, or None + :type: list of :class:`GeneralName` instances or None + + This field describes methods to retrieve the CRL. If this is not None + then ``relative_name`` must be None. + + .. attribute:: relative_name + + :type: :class:`Name` or None - This field describes methods to retrieve the CRL. + This field describes methods to retrieve the CRL relative to the CRL + issuer. If this is not None then ``full_name`` must be None. .. attribute:: crl_issuer @@ -826,7 +834,7 @@ X.509 Extensions .. attribute:: reasons - :type: :class:`ReasonFlags` or None + :type: list of :class:`ReasonFlags` or None The reasons a given distribution point may be used for when performing revocation checks. 
@@ -835,40 +843,53 @@ X.509 Extensions .. versionadded:: 0.9 - This class holds reasons a distribution point may be used for when - performing revocation checks. + An enumeration for CRL reasons. + + .. attribute:: unspecified + + It is unspecified why the certificate was revoked. This reason cannot + be used as a reason flag in a :class:`DistributionPoint`. .. attribute:: key_compromise - :type: bool + This reason indicates that the private key was compromised. .. attribute:: ca_compromise - :type: bool + This reason indicates that the CA issuing the certificate was + compromised. .. attribute:: affiliation_changed - :type: bool + This reason indicates that the subject's name or other information has + changed. .. attribute:: superseded - :type: bool + This reason indicates that a certificate has been superseded. .. attribute:: cessation_of_operation - :type: bool + This reason indicates that the certificate is no longer required. .. attribute:: certificate_hold - :type: bool + This reason indicates that the certificate is on hold. .. attribute:: privilege_withdrawn - :type: bool + This reason indicates that the privilege granted by this certificate + have been withdrawn. .. attribute:: aa_compromise - :type: bool + When an attribute authority has been compromised. + + .. attribute:: remove_from_crl + + This reason indicates that the certificate was on hold and should be + removed from the CRL. This reason cannot be used as a reason flag + in a :class:`DistributionPoint`. Object Identifiers ~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From f2c072bf271f1ae0081a58fdf232110cc5af815d Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 9 May 2015 17:04:28 -0500 Subject: update doc language --- docs/x509.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'docs') diff --git a/docs/x509.rst b/docs/x509.rst index 3cf4f905..f9992e20 100644 --- a/docs/x509.rst +++ b/docs/x509.rst 
@@ -816,15 +816,16 @@ X.509 Extensions :type: list of :class:`GeneralName` instances or None - This field describes methods to retrieve the CRL. If this is not None - then ``relative_name`` must be None. + This field describes methods to retrieve the CRL. At most one of + ``full_name`` or ``relative_name`` will be non-None. .. attribute:: relative_name :type: :class:`Name` or None This field describes methods to retrieve the CRL relative to the CRL - issuer. If this is not None then ``full_name`` must be None. + issuer. At most one of ``full_name`` or ``relative_name`` will be + non-None. .. attribute:: crl_issuer -- cgit v1.2.3 From 3fd0260a3dd110d99c0174c3937aa3d86b0d9ba0 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 9 May 2015 19:46:13 -0500 Subject: switch reasons to frozenset --- docs/x509.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/x509.rst b/docs/x509.rst index f9992e20..86673e3b 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -835,7 +835,7 @@ X.509 Extensions .. attribute:: reasons - :type: list of :class:`ReasonFlags` or None + :type: frozenset of :class:`ReasonFlags` or None The reasons a given distribution point may be used for when performing revocation checks. -- cgit v1.2.3
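Review bot: In commit 5a48552b, hunk ``@@ -798,6 +800,76 @@``, ``distribution_point`` is typed as "list of :class:`GeneralName` instances, :class:`Name`, or None", which puts two differently shaped values behind one attribute and makes every caller type-check before use. Consider separate attributes for the two cases, or at least document how a caller tells them apart. In the same hunk each ``ReasonFlags`` attribute carries only ``:type: bool`` with no description; one sentence per flag saying what the reason means would let readers use the class without opening RFC 5280.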
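Review bot: In commit 4e8dacd0, hunk ``@@ -812,11 +812,19 @@``, the ``relative_name`` text "retrieve the CRL relative to the CRL issuer" does not say what the name is relative to when ``crl_issuer`` is None. RFC 5280 section 4.2.1.13 appends the fragment to the cRLIssuer name when that field is present and to the certificate issuer's name otherwise; stating that here would stop callers from building the wrong distribution point name. The "must be None" wording in both attributes also reads as an instruction to the caller rather than a guarantee about parsed values, so say which is meant.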
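Review bot: In commit 4e8dacd0, hunk ``@@ -835,40 +843,53 @@``, the new ``ReasonFlags`` descriptions are inconsistent and one is ungrammatical: ``privilege_withdrawn`` says "the privilege granted by this certificate have been withdrawn" (use "privileges ... have" or "privilege ... has"), and ``aa_compromise`` is a fragment ("When an attribute authority has been compromised.") while every other entry starts "This reason indicates that". ``unspecified`` and ``remove_from_crl`` say the value "cannot be used as a reason flag in a :class:`DistributionPoint`" but not what happens if one is passed; document the resulting behaviour.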
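Review bot: In commit f2c072bf, hunk ``@@ -816,15 +816,16 @@``, "At most one of ``full_name`` or ``relative_name`` will be non-None" allows both to be None, and the text does not cover that case. RFC 5280 requires a distribution point to carry either the distribution point name or cRLIssuer, so add a sentence to both attributes saying whether ``crl_issuer`` is guaranteed to be set when both names are None, since code that locates CRLs needs to handle that branch.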
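Review bot: In commit 3fd0260a, hunk ``@@ -835,7 +835,7 @@``, the ``reasons`` type changes to "frozenset of :class:`ReasonFlags` or None" but the description below it still does not say what None means. Under RFC 5280 an omitted reasons field means the CRL at that distribution point covers all reason codes, which is the opposite of how a reader may interpret "None" during a revocation check. Add that sentence, and state whether an empty frozenset can ever be returned or whether absence is always None.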