aboutsummaryrefslogtreecommitdiffstats
path: root/docs/x509
diff options
context:
space:
mode:
Diffstat (limited to 'docs/x509')
-rw-r--r--docs/x509/ocsp.rst6
-rw-r--r--docs/x509/reference.rst33
2 files changed, 39 insertions, 0 deletions
diff --git a/docs/x509/ocsp.rst b/docs/x509/ocsp.rst
index b706b323..163a6a8a 100644
--- a/docs/x509/ocsp.rst
+++ b/docs/x509/ocsp.rst
@@ -190,6 +190,12 @@ Interfaces
The serial number of the certificate to check.
+ .. attribute:: extensions
+
+ :type: :class:`~cryptography.x509.Extensions`
+
+ The extensions encoded in the request.
+
.. method:: public_bytes(encoding)
:param encoding: The encoding to use. Only
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index ede08aa5..079fef92 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -2432,6 +2432,30 @@ These extensions are only valid within a :class:`RevokedCertificate` object.
:type: :class:`datetime.datetime`
+OCSP Extensions
+~~~~~~~~~~~~~~~
+
+.. class:: OCSPNonce(nonce)
+
+ .. versionadded:: 2.4
+
+ OCSP nonce is an extension that is only valid inside
+ :class:`~cryptography.x509.ocsp.OCSPRequest` and
+ :class:`~cryptography.x509.ocsp.OCSPResponse` objects. The nonce
+ cryptographically binds a request and a response to prevent replay attacks.
+ In practice nonces are rarely used in OCSP due to the desire to precompute
+ OCSP responses at large scale.
+
+ .. attribute:: oid
+
+ :type: :class:`ObjectIdentifier`
+
+ Returns
+ :attr:`~cryptography.x509.oid.OCSPExtensionOID.NONCE`.
+
+ .. attribute:: nonce
+
+ :type: bytes
Object Identifiers
~~~~~~~~~~~~~~~~~~
@@ -2854,6 +2878,15 @@ instances. The following common OIDs are available as constants.
Corresponds to the dotted string ``"2.5.29.24"``.
+
+.. class:: OCSPExtensionOID
+
+ .. versionadded:: 2.4
+
+ .. attribute:: NONCE
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.2"``.
+
Helper Functions
~~~~~~~~~~~~~~~~
.. currentmodule:: cryptography.x509