Support CRL loading and export
Nominated for Main by sebvieira
Here is a patch that implements a CRL interface.
The API is different that previous patches because
it wraps struct X509_REVOKED as well. See branch
The patch supports loading and exporting all formats
(PEM, DER, and text). CRL can be both created and
inspected. Full documentation and test cases are
The major lacking features are reason codes and their
associated extensions. Also, the OpenSSL.CRL.export
method has too many parameters because IMHO signing
should be a distinct method. Nonetheless, the
code currently is quite usable.
Unlike the PKCS12 implementation, CRL objects do not
contain references to other python objects. This means
adding and getting are all by value, but it simplifies
the code. I can provide a less complete patch of
the other method using GC if requested, but I think
it will also be harder to extend.
Unlike X509, OpenSSL.
hex string, not an integer. Likewise for set_serial().
- Jean-Paul Calderone: Pending requested 2009-11-09
Diff: 1316 lines (+1131/-11)11 files modifieddoc/pyOpenSSL.tex (+68/-0)
|Changed in pyopenssl:|
|status:||New → Fix Released|