Diffstat (limited to 'docs/x509')
-rw-r--r-- | docs/x509/ocsp.rst | 6 | ||||
-rw-r--r-- | docs/x509/reference.rst | 33 |
2 files changed, 39 insertions, 0 deletions
diff --git a/docs/x509/ocsp.rst b/docs/x509/ocsp.rst index b706b323..163a6a8a 100644 --- a/docs/x509/ocsp.rst +++ b/docs/x509/ocsp.rst @@ -190,6 +190,12 @@ Interfaces The serial number of the certificate to check. + .. attribute:: extensions + + :type: :class:`~cryptography.x509.Extensions` + + The extensions encoded in the request. + .. method:: public_bytes(encoding) :param encoding: The encoding to use. Only diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index ede08aa5..079fef92 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -2432,6 +2432,30 @@ These extensions are only valid within a :class:`RevokedCertificate` object. :type: :class:`datetime.datetime` +OCSP Extensions +~~~~~~~~~~~~~~~ + +.. class:: OCSPNonce(nonce) + + .. versionadded:: 2.4 + + OCSP nonce is an extension that is only valid inside + :class:`~cryptography.x509.ocsp.OCSPRequest` and + :class:`~cryptography.x509.ocsp.OCSPResponse` objects. The nonce + cryptographically binds a request and a response to prevent replay attacks. + In practice nonces are rarely used in OCSP due to the desire to precompute + OCSP responses at large scale. + + .. attribute:: oid + + :type: :class:`ObjectIdentifier` + + Returns + :attr:`~cryptography.x509.oid.OCSPExtensionOID.NONCE`. + + .. attribute:: nonce + + :type: bytes Object Identifiers ~~~~~~~~~~~~~~~~~~ @@ -2854,6 +2878,15 @@ instances. The following common OIDs are available as constants. Corresponds to the dotted string ``"2.5.29.24"``. + +.. class:: OCSPExtensionOID + + .. versionadded:: 2.4 + + .. attribute:: NONCE + + Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.2"``. + Helper Functions ~~~~~~~~~~~~~~~~ .. currentmodule:: cryptography.x509 |
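Review bot: In the docs/x509/ocsp.rst hunk, the new ``extensions`` attribute carries no ``.. versionadded::`` marker, while both classes added in reference.rst are marked ``.. versionadded:: 2.4``. Unless the surrounding interface is itself new in 2.4, add the same marker under ``.. attribute:: extensions`` so readers on earlier releases can tell the attribute is not available to them.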
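Review bot: In the ``OCSPNonce`` hunk of docs/x509/reference.rst (@@ -2432), the ``nonce`` attribute is documented with ``:type: bytes`` only and has no description. Add a sentence saying what the bytes contain. Since the class text says the nonce "cryptographically binds a request and a response to prevent replay attacks", it should also say who performs that check: the text does not state whether anything compares the response nonce with the request nonce or whether that is left to the caller, and a reader could assume the protection is automatic. The class text also names ``OCSPResponse`` as a valid container, but the ocsp.rst hunk in this diff adds ``extensions`` in one place only; it is worth confirming the response side is documented too.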
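Review bot: In the ``OCSPExtensionOID`` hunk of docs/x509/reference.rst (@@ -2854), the class has no description and ``NONCE`` gives only the dotted string ``"1.3.6.1.5.5.7.48.1.2"``. Add a one-line summary under the class directive, and have the ``NONCE`` entry point back to :class:`OCSPNonce`, so that a reader arriving from the OID list can find the extension type it identifies.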