Merge pull request #2541 from reaperhulk/crl-serialization

add a CRL public_bytes method

2 files changed, 19 insertions, 0 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index f50a0d5d..b7a88a4a 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -833,6 +833,20 @@ class _CertificateRevocationList(object):
         )
         return self._backend._ffi.buffer(pp[0], res)[:]
 
+    def public_bytes(self, encoding):
+        bio = self._backend._create_mem_bio()
+        if encoding is serialization.Encoding.PEM:
+            res = self._backend._lib.PEM_write_bio_X509_CRL(
+                bio, self._x509_crl
+            )
+        elif encoding is serialization.Encoding.DER:
+            res = self._backend._lib.i2d_X509_CRL_bio(bio, self._x509_crl)
+        else:
+            raise TypeError("encoding must be an item from the Encoding enum")
+
+        self._backend.openssl_assert(res == 1)
+        return self._backend._read_mem_bio(bio)
+
     def _revoked_certificates(self):
         revoked = self._backend._lib.X509_CRL_get_REVOKED(self._x509_crl)
         revoked_list = []
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 49761046..057d0e9b 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -156,6 +156,11 @@ class Certificate(object):
 
 @six.add_metaclass(abc.ABCMeta)
 class CertificateRevocationList(object):
+    @abc.abstractmethod
+    def public_bytes(self, encoding):
+        """
+        Serializes the CRL to PEM or DER format.
+        """
 
     @abc.abstractmethod
     def fingerprint(self, algorithm):