From eb177931f825308f9b4df9c789f76b7ce04751f6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 17 May 2015 18:33:33 -0700 Subject: IPAddress needs to support networks for nameconstraints --- docs/x509.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'docs/x509.rst') diff --git a/docs/x509.rst b/docs/x509.rst index ff43be01..850e3df1 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -509,8 +509,9 @@ General Name Classes .. attribute:: value - :type: :class:`~ipaddress.IPv4Address` or - :class:`~ipaddress.IPv6Address`. + :type: :class:`~ipaddress.IPv4Address`, + :class:`~ipaddress.IPv6Address`, :class:`~ipaddress.IPv4Network`, + or :class:`~ipaddress.IPv6Network`. .. class:: RegisteredID -- cgit v1.2.3 From 4a1038e0742c720a6046f9bb20f1156ce8624c6b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 18 May 2015 10:28:31 -0700 Subject: add ocsp no check --- docs/x509.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'docs/x509.rst') diff --git a/docs/x509.rst b/docs/x509.rst index 850e3df1..3f1af86c 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -699,6 +699,19 @@ X.509 Extensions purposes indicated in the key usage extension. The object is iterable to obtain the list of :ref:`extended key usage OIDs `. +.. class:: OCSPNoCheck + + .. versionadded:: 0.10 + + This presence of this extension indicates that an OCSP client can trust a + responder for the lifetime of the responder's certificate. CAs issuing + such a certificate should realize that a compromise of the responder's key + is as serious as the compromise of a CA key used to sign CRLs, at least for + the validity period of this certificate. CA's may choose to issue this type + of certificate with a very short lifetime and renew it frequently. This + extension is only relevant when the certificate is an authorized OCSP + responder. + .. class:: AuthorityKeyIdentifier .. versionadded:: 0.9 @@ -1235,6 +1248,11 @@ Extension OIDs Corresponds to the dotted string ``"1.3.6.1.5.5.7.1.1"``. The identifier for the :class:`AuthorityInformationAccess` extension type. +.. data:: OID_OCSP_NO_CHECK + + Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.5"``. The identifier + for the :class:`OCSPNoCheck` extension type. + Exceptions ~~~~~~~~~~ -- cgit v1.2.3