From f7d1b72c8ab1bd3f198965b9747794c82d270341 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 6 Aug 2015 18:49:45 +0100
Subject: add support for OCSPNoCheck to the CertificateBuilder
---
 src/cryptography/hazmat/backends/openssl/backend.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index ad88dd9d..4ce6d6d0 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -155,6 +155,15 @@ def _txt2obj_gc(backend, name):
 return obj
+def _encode_ocsp_nocheck(backend, ext):
+ """
+ The OCSP No Check extension is defined as a null ASN.1 value. We can just
+ return that value directly here in the pp, r tuple form the other
+ extension encoding functions use.
+ """
+ return [b"\x05\x00"], 2
+
+
 def _encode_key_usage(backend, key_usage):
 set_bit = backend._lib.ASN1_BIT_STRING_set_bit
 ku = backend._lib.ASN1_BIT_STRING_new()
@@ -485,6 +494,7 @@ _EXTENSION_ENCODE_HANDLERS = {
 ),
 x509.OID_CRL_DISTRIBUTION_POINTS: _encode_crl_distribution_points,
 x509.OID_INHIBIT_ANY_POLICY: _encode_inhibit_any_policy,
+ x509.OID_OCSP_NO_CHECK: _encode_ocsp_nocheck,
 }
-- 
cgit v1.2.3
From c58d8bcc6b6e5a6d6aafe59a7e90cee679222e76 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Sun, 9 Aug 2015 11:02:44 -0500
Subject: improve comment for ocsp_nocheck encoding
---
 src/cryptography/hazmat/backends/openssl/backend.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 4ce6d6d0..3aa210d1 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
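Review bot: In the first commit's hunk at `@@ -155,6 +155,15 @@`, the length in `return [b"\x05\x00"], 2` is a hand-counted copy of the size of the literal beside it, so nothing keeps the two in step if the bytes are ever edited. Binding the value once, `der_null = b"\x05\x00"` followed by `return [der_null], len(der_null)`, removes the duplicate. A short comment that `05 00` is the DER encoding of ASN.1 NULL (tag 0x05, length 0) would make the constant self-explanatory. `ext` is never read, presumably so the function matches the other handlers registered in `_EXTENSION_ENCODE_HANDLERS`; a `# ext is unused: the extension carries no data` comment would mark that as deliberate.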
@@ -157,9 +157,8 @@ def _txt2obj_gc(backend, name):
 def _encode_ocsp_nocheck(backend, ext):
 """
- The OCSP No Check extension is defined as a null ASN.1 value. We can just
- return that value directly here in the pp, r tuple form the other
- extension encoding functions use.
+ The OCSP No Check extension is defined as a null ASN.1 value. Rather than
+ calling OpenSSL we can return a Python bytestring value in a list.
 """
 return [b"\x05\x00"], 2
-- 
cgit v1.2.3
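Review bot: The rewritten docstring says the function returns "a Python bytestring value in a list", but the unchanged `return [b"\x05\x00"], 2` below it returns a two-element tuple of that list and a length, and the new wording no longer mentions the second element at all. I would end the docstring with `calling OpenSSL we can return the DER NULL encoding as a bytestring in a list, together with its length.` Because this extension tells OCSP clients not to check the revocation status of the responder certificate that carries it, a one-line pointer to RFC 6960 section 4.2.2.2.1 would help readers judge when it is appropriate to set.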