[Cryptography-dev] pyOpenSSL CRL chaining

Ansley Peduru ansleypeduru96 at gmail.com
Wed Jun 15 10:57:23 EDT 2016


Hi all,

With the recent changes made to enable CRL in verify context objects (see
here https://github.com/pyca/pyopenssl/pull/483) I would like to know some
further functionality. In particular, if this API supports CRL chaining
and/or CRL concatenation. Would a CRL need to contain a full chain of
issuing intermediate CAs and the issuing root CA? Also when we create an
X509Store object we add the certificate in question using add_cert() but
when we use it to verify in the X509StoreContext, must we use the same
certificate? It seems slightly confusing given the lack of documentation. I
am basing most of my assumptions on the unit tests that were merged in.

Regards,
Ansley