From e845d0e49dd42edc9df2dfed35cbfb24b1e37d4f Mon Sep 17 00:00:00 2001 From: Andre Caron Date: Fri, 15 May 2015 22:11:18 -0400 Subject: Adds test vectors for X.509 CSR decoding. --- docs/development/test-vectors.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'docs') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 6f61a7ee..4fd358e8 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -124,6 +124,8 @@ Custom X.509 Vectors "We heart UTF8!™". * ``two_basic_constraints.pem`` - An RSA 2048 bit self-signed certificate containing two basic constraints extensions. +* ``two_basic_constraints_csr.pem`` - A cerfificate sigining request + for a RSA 2048 bit key containing two basic constraints extensions. * ``basic_constraints_not_critical.pem`` - An RSA 2048 bit self-signed certificate containing a basic constraints extension that is not marked as critical. 
@@ -133,9 +135,17 @@ Custom X.509 Vectors * ``unsupported_extension.pem`` - An RSA 2048 bit self-signed certificate containing an unsupported extension type. The OID was encoded as "1.2.3.4" with an ``extnValue`` of "value". +* ``unsupported_extension_csr.pem`` - A certificate signing request + for an RSA 2048 bit key containing containing an unsupported + extension type. The OID was encoded as "1.2.3.4" with an + ``extnValue`` of "value". * ``unsupported_extension_critical.pem`` - An RSA 2048 bit self-signed certificate containing an unsupported extension type marked critical. The OID was encoded as "1.2.3.4" with an ``extnValue`` of "value". +* ``unsupported_extension_critical_csr.pem`` - A certificate signing + request for an RSA 2048 bit key containing containing an unsupported + extension type marked critical. The OID was encoded as "1.2.3.4" + with an ``extnValue`` of "value". * ``san_email_dns_ip_dirname_uri.pem`` - An RSA 2048 bit self-signed certificate containing a subject alternative name extension with the following general names: ``rfc822Name``, ``dNSName``, ``iPAddress``, -- cgit v1.2.3 From 26cab5d57570c2561195e8fb2dac3652cdfe42e4 Mon Sep 17 00:00:00 2001 From: Andre Caron Date: Fri, 15 May 2015 23:08:08 -0400 Subject: Fixes typos. --- docs/development/test-vectors.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 4fd358e8..868966b4 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst 
@@ -124,7 +124,7 @@ Custom X.509 Vectors "We heart UTF8!™". * ``two_basic_constraints.pem`` - An RSA 2048 bit self-signed certificate containing two basic constraints extensions. -* ``two_basic_constraints_csr.pem`` - A cerfificate sigining request +* ``two_basic_constraints_csr.pem`` - A certificate signing request for a RSA 2048 bit key containing two basic constraints extensions. * ``basic_constraints_not_critical.pem`` - An RSA 2048 bit self-signed certificate containing a basic constraints extension that is not marked as -- cgit v1.2.3 From 6cfe79b966ae766b4f84246e853fa6d9895c3005 Mon Sep 17 00:00:00 2001 From: Andre Caron Date: Sat, 16 May 2015 08:41:52 -0400 Subject: Moves new CSR vector descriptions to CSR section. --- docs/development/test-vectors.rst | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'docs') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 868966b4..1a3f23f0 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -124,8 +124,6 @@ Custom X.509 Vectors "We heart UTF8!™". * ``two_basic_constraints.pem`` - An RSA 2048 bit self-signed certificate containing two basic constraints extensions. -* ``two_basic_constraints_csr.pem`` - A certificate signing request - for a RSA 2048 bit key containing two basic constraints extensions. * ``basic_constraints_not_critical.pem`` - An RSA 2048 bit self-signed certificate containing a basic constraints extension that is not marked as critical. 
@@ -135,17 +133,9 @@ Custom X.509 Vectors * ``unsupported_extension.pem`` - An RSA 2048 bit self-signed certificate containing an unsupported extension type. The OID was encoded as "1.2.3.4" with an ``extnValue`` of "value". -* ``unsupported_extension_csr.pem`` - A certificate signing request - for an RSA 2048 bit key containing containing an unsupported - extension type. The OID was encoded as "1.2.3.4" with an - ``extnValue`` of "value". * ``unsupported_extension_critical.pem`` - An RSA 2048 bit self-signed certificate containing an unsupported extension type marked critical. The OID was encoded as "1.2.3.4" with an ``extnValue`` of "value". -* ``unsupported_extension_critical_csr.pem`` - A certificate signing - request for an RSA 2048 bit key containing containing an unsupported - extension type marked critical. The OID was encoded as "1.2.3.4" - with an ``extnValue`` of "value". * ``san_email_dns_ip_dirname_uri.pem`` - An RSA 2048 bit self-signed certificate containing a subject alternative name extension with the following general names: ``rfc822Name``, ``dNSName``, ``iPAddress``, @@ -227,6 +217,16 @@ Custom X.509 Request Vectors * ``san_rsa_sha1.pem`` and ``san_rsa_sha1.der`` - Contain a certificate request using RSA and SHA1 with a subject alternative name extension generated using OpenSSL. +* ``two_basic_constraints_csr.pem`` - A certificate signing request + for a RSA 2048 bit key containing two basic constraints extensions. +* ``unsupported_extension_csr.pem`` - A certificate signing request + for an RSA 2048 bit key containing containing an unsupported + extension type. The OID was encoded as "1.2.3.4" with an + ``extnValue`` of "value". +* ``unsupported_extension_critical_csr.pem`` - A certificate signing + request for an RSA 2048 bit key containing containing an unsupported + extension type marked critical. The OID was encoded as "1.2.3.4" + with an ``extnValue`` of "value". Hashes ~~~~~~ -- cgit v1.2.3 
From 2b54fb0c7a31ff780f3b53273db1158b98abe170 Mon Sep 17 00:00:00 2001 From: Andre Caron Date: Sat, 16 May 2015 10:20:51 -0400 Subject: Moves CSR test vectors to requests folder. --- docs/development/test-vectors.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 1a3f23f0..9395202f 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -217,13 +217,13 @@ Custom X.509 Request Vectors * ``san_rsa_sha1.pem`` and ``san_rsa_sha1.der`` - Contain a certificate request using RSA and SHA1 with a subject alternative name extension generated using OpenSSL. -* ``two_basic_constraints_csr.pem`` - A certificate signing request +* ``two_basic_constraints.pem`` - A certificate signing request for a RSA 2048 bit key containing two basic constraints extensions. -* ``unsupported_extension_csr.pem`` - A certificate signing request +* ``unsupported_extension.pem`` - A certificate signing request for an RSA 2048 bit key containing containing an unsupported extension type. The OID was encoded as "1.2.3.4" with an ``extnValue`` of "value". -* ``unsupported_extension_critical_csr.pem`` - A certificate signing +* ``unsupported_extension_critical.pem`` - A certificate signing request for an RSA 2048 bit key containing containing an unsupported extension type marked critical. The OID was encoded as "1.2.3.4" with an ``extnValue`` of "value". -- cgit v1.2.3 From c97ca7e85ac0c382358f4a26b6f93fb2562e5673 Mon Sep 17 00:00:00 2001 From: Andre Caron Date: Sat, 16 May 2015 22:16:44 -0400 Subject: Adds new CSR test vector. --- docs/development/test-vectors.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 9395202f..4c0063b5 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst 
@@ -227,6 +227,9 @@ Custom X.509 Request Vectors request for an RSA 2048 bit key containing containing an unsupported extension type marked critical. The OID was encoded as "1.2.3.4" with an ``extnValue`` of "value". +* ``basic_constraints.pem`` - A certificate signing request for a RSA + 2048 bit key containing a basic constraints extension marked as + critical. Hashes ~~~~~~ -- cgit v1.2.3 From eb177931f825308f9b4df9c789f76b7ce04751f6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 17 May 2015 18:33:33 -0700 Subject: IPAddress needs to support networks for nameconstraints --- docs/x509.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/x509.rst b/docs/x509.rst index ff43be01..850e3df1 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -509,8 +509,9 @@ General Name Classes .. attribute:: value - :type: :class:`~ipaddress.IPv4Address` or - :class:`~ipaddress.IPv6Address`. + :type: :class:`~ipaddress.IPv4Address`, + :class:`~ipaddress.IPv6Address`, :class:`~ipaddress.IPv4Network`, + or :class:`~ipaddress.IPv6Network`. .. class:: RegisteredID -- cgit v1.2.3 From 4a1038e0742c720a6046f9bb20f1156ce8624c6b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 18 May 2015 10:28:31 -0700 Subject: add ocsp no check --- docs/x509.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'docs') diff --git a/docs/x509.rst b/docs/x509.rst index 850e3df1..3f1af86c 100644 --- a/docs/x509.rst +++ b/docs/x509.rst 
@@ -699,6 +699,19 @@ X.509 Extensions purposes indicated in the key usage extension. The object is iterable to obtain the list of :ref:`extended key usage OIDs `. +.. class:: OCSPNoCheck + + .. versionadded:: 0.10 + + This presence of this extension indicates that an OCSP client can trust a + responder for the lifetime of the responder's certificate. CAs issuing + such a certificate should realize that a compromise of the responder's key + is as serious as the compromise of a CA key used to sign CRLs, at least for + the validity period of this certificate. CA's may choose to issue this type + of certificate with a very short lifetime and renew it frequently. This + extension is only relevant when the certificate is an authorized OCSP + responder. + .. class:: AuthorityKeyIdentifier .. versionadded:: 0.9 @@ -1235,6 +1248,11 @@ Extension OIDs Corresponds to the dotted string ``"1.3.6.1.5.5.7.1.1"``. The identifier for the :class:`AuthorityInformationAccess` extension type. +.. data:: OID_OCSP_NO_CHECK + + Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.5"``. The identifier + for the :class:`OCSPNoCheck` extension type. + Exceptions ~~~~~~~~~~ -- cgit v1.2.3
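Review bot: "containing containing" is doubled in both entries added by the second hunk of e845d0e (``unsupported_extension_csr.pem`` and ``unsupported_extension_critical_csr.pem``), and the same lines are carried unchanged through the later move and rename commits. Drop one "containing" in each entry so the text reads "for an RSA 2048 bit key containing an unsupported extension type".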
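Review bot: the typo fix in 26cab5d stops one line short: the context line directly under the corrected entry still reads "for a RSA 2048 bit key", while the neighbouring certificate entries use "An RSA". Change it to "for an RSA 2048 bit key" in the same commit so that the entry is consistent with the rest of the list.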
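Review bot: dropping the ``_csr`` suffix in 2b54fb0 leaves ``two_basic_constraints.pem``, ``unsupported_extension.pem`` and ``unsupported_extension_critical.pem`` listed under both "Custom X.509 Vectors" and "Custom X.509 Request Vectors" with nothing in the text to tell the files apart. The commit subject says the vectors moved to a requests folder, so state that directory in the request section (or in each entry) so that a test author loads the CSR and not the certificate of the same name.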
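Review bot: the ``basic_constraints.pem`` entry added in c97ca7e says only that the extension is marked critical and not what it contains, whereas the unsupported-extension entries above it give the exact OID and ``extnValue``. Document the encoded values (the CA flag and any path length) so that a decoding test can assert on them, and write "an RSA" instead of "a RSA" while editing the line.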
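Review bot: the widened ``:type:`` for ``IPAddress.value`` in eb17793 lists four types without saying when each one is expected. The commit subject ties the network types to name constraints, so add a sentence to the attribute description saying that ``IPv4Network`` and ``IPv6Network`` are for name constraints; callers that compare ``value`` against a single address then know they have to handle both kinds.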
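Review bot: two wording slips in the ``OCSPNoCheck`` description added by the first hunk of 4a1038e: "This presence of this extension" should read "The presence of this extension", and "CA's may choose" should be the plural "CAs may choose". It would also help to say outright that a client does not check the revocation status of a responder certificate carrying this extension, since "can trust a responder for the lifetime of the responder's certificate" leaves that implicit.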