Support CRL loading and export
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pyOpenSSL | Fix Released | Undecided | Unassigned |
Bug Description
Here is a patch that implements a CRL interface.
The API is different from previous patches because
it wraps struct X509_REVOKED as well. See branch
lp:~rick-fdd/pyopenssl/crl_and_revoked
The patch supports loading and exporting all formats
(PEM, DER, and text). CRL can be both created and
inspected. Full documentation and test cases are
provided.
The major lacking features are reason codes and their
associated extensions. Also, the OpenSSL.CRL.export
method has too many parameters because IMHO signing
should be a distinct method. Nonetheless, the
code currently is quite usable.
Unlike the PKCS12 implementation, CRL objects do not
contain references to other Python objects. This means
adding and getting are all by value, but it simplifies
the code. I can provide a less complete patch of
the other method using GC if requested, but I think
it will also be harder to extend.
Unlike X509, OpenSSL.
hex string, not an integer. Likewise for set_serial().
Related branches
- Jean-Paul Calderone: Pending requested
Diff: 1316 lines (+1131/-11), 11 files modified
doc/pyOpenSSL.tex (+68/-0)
setup.py (+2/-0)
src/crypto/crl.c (+294/-0)
src/crypto/crl.h (+19/-0)
src/crypto/crypto.c (+52/-1)
src/crypto/crypto.h (+2/-0)
src/crypto/revoked.c (+451/-0)
src/crypto/revoked.h (+18/-0)
src/crypto/x509.c (+8/-8)
src/crypto/x509.h (+4/-2)
test/test_crypto.py (+213/-0)
Changed in pyopenssl:
status: New → Fix Released
Here is a version of the patch that applies cleanly to the tip of main.