Here is the API I like which doesn't python wrap the x509context, but instead adds optional args of "issuer" and "subject" to the X509Extension() constructor. For example...
ext1 = crypto.X509Extension('subjectKeyIdentifier', False, 'hash', subject=cert, ) ext3 = crypto.X509Extension('basicConstraints', False, 'CA:TRUE') certx.add_extensions( (ext1, ext3) ) ext2 = crypto.X509Extension('authorityKeyIdentifier', False, 'keyid:always,issuer:always', issuer=cert) certx.add_extensions( (ext2, ) )
The attached patch applies to revision 95 of branch ext-context. Compared to the alternatives, this code is shorter and uses less memory.
Here is the API I like which doesn't python wrap the x509context,
but instead adds optional args of "issuer" and "subject" to
the X509Extension() constructor. For example...
ext1 = crypto. X509Extension( 'subjectKeyIden tifier' , False, 'hash', subject=cert, ) X509Extension( 'basicConstrain ts', False, 'CA:TRUE') add_extensions( (ext1, ext3) ) X509Extension( 'authorityKeyId entifier' , False, 'keyid: always, issuer: always' , issuer=cert) add_extensions( (ext2, ) )
ext3 = crypto.
certx.
ext2 = crypto.
certx.
The attached patch applies to revision 95 of branch ext-context.
Compared to the alternatives, this code is shorter and uses less
memory.