diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-06 18:49:45 +0100 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-09 10:37:59 -0500 |
| commit | f7d1b72c8ab1bd3f198965b9747794c82d270341 (patch) | |
| tree | d6ff9a7a27f2892420f9cf641678aa20804a45f1 /src | |
| parent | 8020e564eaee293dfe743623d75629bd3f51eb87 (diff) | |
| download | cryptography-f7d1b72c8ab1bd3f198965b9747794c82d270341.tar.gz cryptography-f7d1b72c8ab1bd3f198965b9747794c82d270341.tar.bz2 cryptography-f7d1b72c8ab1bd3f198965b9747794c82d270341.zip | |
add support for OCSPNoCheck to the CertificateBuilder
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index ad88dd9d..4ce6d6d0 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -155,6 +155,15 @@ def _txt2obj_gc(backend, name): return obj +def _encode_ocsp_nocheck(backend, ext): + """ + The OCSP No Check extension is defined as a null ASN.1 value. We can just + return that value directly here in the pp, r tuple form the other + extension encoding functions use. + """ + return [b"\x05\x00"], 2 + + def _encode_key_usage(backend, key_usage): set_bit = backend._lib.ASN1_BIT_STRING_set_bit ku = backend._lib.ASN1_BIT_STRING_new() @@ -485,6 +494,7 @@ _EXTENSION_ENCODE_HANDLERS = { ), x509.OID_CRL_DISTRIBUTION_POINTS: _encode_crl_distribution_points, x509.OID_INHIBIT_ANY_POLICY: _encode_inhibit_any_policy, + x509.OID_OCSP_NO_CHECK: _encode_ocsp_nocheck, } |