diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-05-18 09:53:47 -0700 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-02-26 07:56:42 -0600 |
| commit | 7e8fe9df4328f0d3134a502b5d3bc05435de7e6e (patch) | |
| tree | e9f366f611137e2a42d4ee5cd3359b6c829e15db /docs | |
| parent | 4a00dcd02b1d3c10f76273889e12b088662b218f (diff) | |
| download | cryptography-7e8fe9df4328f0d3134a502b5d3bc05435de7e6e.tar.gz cryptography-7e8fe9df4328f0d3134a502b5d3bc05435de7e6e.tar.bz2 cryptography-7e8fe9df4328f0d3134a502b5d3bc05435de7e6e.zip | |
add policy constraints class
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/x509/reference.rst | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 8bb3f40d..14fc37c8 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -1860,6 +1860,40 @@ X.509 Extensions :type: int +.. class:: PolicyConstraints + + .. versionadded:: 1.3 + + The policy constraints extension can be used in certificates issued + to CAs. The policy constraints extension constrains path validation + in two ways. It can be used to prohibit policy mapping or require + that each certificate in a path contain an acceptable policy + identifier. For more information about the use of this extension see + :rfc:`5280`. + + .. attribute:: require_explicit_policy + + :type: int or None + + If this field is present, the value indicates the number of additional + certificates that may appear in the path before an explicit policy is + required for the entire path. When an explicit policy is required, it + is necessary for all certificates in the path to contain an acceptable + policy identifier in the certificate policies extension. An + acceptable policy identifier is the identifier of a policy required + by the user of the certification path or the identifier of a policy + that has been declared equivalent through policy mapping. + + .. attribute:: inhibit_policy_mapping + + :type: int or None + + If this field is present, the value indicates the number of additional + certificates that may appear in the path before policy mapping is no + longer permitted. For example, a value of one indicates that policy + mapping may be processed in certificates issued by the subject of this + certificate, but not in additional certificates in the path. + .. class:: CRLNumber(crl_number) .. versionadded:: 1.2 @@ -2392,6 +2426,12 @@ instances. The following common OIDs are available as constants. the ``CRLNumber`` extension type. This extension only has meaning for certificate revocation lists. + .. attribute:: POLICY_CONSTRAINTS + + Corresponds to the dotted string ``"2.5.29.36"``. The identifier for the + :class:`PolicyConstraints` extension type. + + .. class:: CRLEntryExtensionOID .. versionadded:: 1.2 |