From 6c02ee85bcd68e1e4fc6770421699fbd07c9b3e9 Mon Sep 17 00:00:00 2001 From: Vincent Pelletier Date: Sat, 12 Aug 2017 22:05:00 +0900 Subject: Add is_signature_valid method on CertificateRevocationList (#3849) --- docs/development/test-vectors.rst | 5 +++++ docs/x509/reference.rst | 6 ++++++ 2 files changed, 11 insertions(+) (limited to 'docs') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index eb95a62e..ec6a1d0c 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -369,6 +369,11 @@ Custom X.509 Certificate Revocation List Vectors * ``crl_ian_aia_aki.pem`` - Contains a CRL with ``IssuerAlternativeName``, ``AuthorityInformationAccess``, ``AuthorityKeyIdentifier`` and ``CRLNumber`` extensions. +* ``valid_signature.pem`` - Contains a CRL with the public key which was used + to generate it. +* ``invalid_signature.pem`` - Contains a CRL with the last signature byte + incremented by 1 to produce an invalid signature, and the public key which + was used to generate it. Hashes ~~~~~~ diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst index 8b976119..47f76254 100644 --- a/docs/x509/reference.rst +++ b/docs/x509/reference.rst @@ -563,6 +563,12 @@ X.509 CRL (Certificate Revocation List) Object over the network and used as part of a certificate verification process. + .. method:: is_signature_valid(public_key) + + .. versionadded:: 2.1 + + Returns True if the CRL signature is correct for given public key, + False otherwise. X.509 Certificate Builder ~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3