diff options
| -rw-r--r-- | docs/x509/reference.rst | 16 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 18 | ||||
| -rw-r--r-- | src/cryptography/x509.py | 5 |
3 files changed, 10 insertions, 29 deletions
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 65e3880d..b6c2f8a8 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -393,10 +393,6 @@ X.509 Certificate Builder .. class:: CertificateBuilder - .. method:: __init__() - - Creates an empty certificate (version 1). - .. method:: set_version(version) Sets the X.509 version that will be used in the certificate. @@ -404,27 +400,27 @@ X.509 Certificate Builder :param version: The :class:`~cryptography.x509.Version` that will be used by the certificate. - .. method:: set_issuer_name(name) + .. method:: issuer_name(name) Sets the issuer's distinguished name. :param public_key: The :class:`~cryptography.x509.Name` that describes the issuer (CA). - .. method:: set_subject_name(name) + .. method:: subject_name(name) Sets the subject's distinguished name. :param public_key: The :class:`~cryptography.x509.Name` that describes the subject (requester). - .. method:: set_public_key(public_key) + .. method:: public_key(public_key) Sets the subject's public key. :param public_key: The subject's public key. - .. method:: set_serial_number(serial_number) + .. method:: serial_number(serial_number) Sets the certificate's serial number (an integer). The CA's policy determines how it attributes serial numbers to certificates. The only @@ -435,7 +431,7 @@ X.509 Certificate Builder identify this certificate (most notably during certificate revocation checking). - .. method:: set_not_valid_before(time) + .. method:: not_valid_before(time) Sets the certificate's activation time. This is the time from which clients can start trusting the certificate. It may be different from @@ -445,7 +441,7 @@ X.509 Certificate Builder activation time for the certificate. The certificate may not be trusted clients if it is used before this time. - .. method:: set_not_valid_after(time) + .. method:: not_valid_after(time) Sets the certificate's expiration time. This is the time from which clients should no longer trust the certificate. The CA's policy will diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 04f631f9..1c912e6c 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -95,22 +95,6 @@ def _encode_asn1_str_gc(backend, data, length): return s -def _make_asn1_int(backend, x): - i = backend._lib.ASN1_INTEGER_new() - # i = backend._ffi.gc(i, backend._lib.ASN1_INTEGER_free) - backend._lib.ASN1_INTEGER_set(i, x) - return i - - -def _make_asn1_str(backend, x, n=None): - if n is None: - n = len(x) - s = backend._lib.ASN1_OCTET_STRING_new() - # s = backend._ffi.gc(s, backend._lib.ASN1_OCTET_STRING_free) - backend._lib.ASN1_OCTET_STRING_set(s, x, n) - return s - - def _encode_name(backend, attributes): """ The X509_NAME created will not be gc'd. Use _encode_name_gc if needed. @@ -1039,7 +1023,7 @@ class Backend(object): assert res == 1 # Set the certificate serial number. - serial_number = _make_asn1_int(self, builder._serial_number) + serial_number = _encode_asn1_int(self, builder._serial_number) self._lib.X509_set_serialNumber(x509_cert, serial_number) # Set the "not before" time. diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index c04b8c9c..a9d4430d 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -1746,6 +1746,7 @@ class CertificateBuilder(object): """ Signs the certificate using the CA's private key. """ + builder = self if self._version is None: - self._version = Version.v1 - return backend.sign_x509_certificate(self, private_key, algorithm) + builder = self.version(Version.v3) + return backend.sign_x509_certificate(builder, private_key, algorithm) |