pyOpenSSL

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #322813
Comment #7

Comment 7 for bug 322813

Revision history for this message

rick_dean (rick-fdd) wrote on 2009-02-25:

pyOpenSSL-bzr95-x509v3-no-ctx.patch Edit (6.1 KiB, text/x-diff)

Here is the API I like which doesn't python wrap the x509context,
but instead adds optional args of "issuer" and "subject" to
the X509Extension() constructor. For example...

ext1 = crypto.X509Extension('subjectKeyIdentifier', False, 'hash', subject=cert, )
ext3 = crypto.X509Extension('basicConstraints', False, 'CA:TRUE')
certx.add_extensions( (ext1, ext3) )
ext2 = crypto.X509Extension('authorityKeyIdentifier', False, 'keyid:always,issuer:always', issuer=cert)
certx.add_extensions( (ext2, ) )

The attached patch applies to revision 95 of branch ext-context.
Compared to the alternatives, this code is shorter and uses less
memory.