Support CRL loading and export

Bug #404436 reported by rick_dean
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
Nominated for Main by sebvieira

Bug Description

Here is a patch that implements a CRL interface.
The API is different that previous patches because
it wraps struct X509_REVOKED as well. See branch

The patch supports loading and exporting all formats
(PEM, DER, and text). CRL can be both created and
inspected. Full documentation and test cases are

The major lacking features are reason codes and their
associated extensions. Also, the OpenSSL.CRL.export
method has too many parameters because IMHO signing
should be a distinct method. Nonetheless, the
code currently is quite usable.

Unlike the PKCS12 implementation, CRL objects do not
contain references to other python objects. This means
adding and getting are all by value, but it simplifies
the code. I can provide a less complete patch of
the other method using GC if requested, but I think
it will also be harder to extend.

Unlike X509, OpenSSL.Revoked.get_serial() returns a
hex string, not an integer. Likewise for set_serial().

Related branches

Revision history for this message
rick_dean (rick-fdd) wrote :
Revision history for this message
rick_dean (rick-fdd) wrote :

Here is a version of the patch that applies cleanly to the tip of main.

Revision history for this message
rick_dean (rick-fdd) wrote :

The previous patch was incomplete.

This patch adapts the tip of the branch crl_and_revoked, which contained some later changes like revocation reasons.

The biggest change in the merge was removing the introduction of a second _runopenssl().

Revision history for this message
rick_dean (rick-fdd) wrote :

Wow. Third time is a charm.

Revision history for this message
seth vidal (skvidal) wrote :

Any word on if this has been accepted?

Revision history for this message
Jean-Paul Calderone (exarkun) wrote :

There's some more info on the merge proposal, which I've added a link to above.

Changed in pyopenssl:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.