Remove unnecessary helper functions
- Update documented methods
- Do not mute the CertificateBuilder object if no version is set
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 65e3880..b6c2f8a 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -393,10 +393,6 @@
.. class:: CertificateBuilder
- .. method:: __init__()
-
- Creates an empty certificate (version 1).
-
.. method:: set_version(version)
Sets the X.509 version that will be used in the certificate.
@@ -404,27 +400,27 @@
:param version: The :class:`~cryptography.x509.Version` that will be
used by the certificate.
- .. method:: set_issuer_name(name)
+ .. method:: issuer_name(name)
Sets the issuer's distinguished name.
:param public_key: The :class:`~cryptography.x509.Name` that describes
the issuer (CA).
- .. method:: set_subject_name(name)
+ .. method:: subject_name(name)
Sets the subject's distinguished name.
:param public_key: The :class:`~cryptography.x509.Name` that describes
the subject (requester).
- .. method:: set_public_key(public_key)
+ .. method:: public_key(public_key)
Sets the subject's public key.
:param public_key: The subject's public key.
- .. method:: set_serial_number(serial_number)
+ .. method:: serial_number(serial_number)
Sets the certificate's serial number (an integer). The CA's policy
determines how it attributes serial numbers to certificates. The only
@@ -435,7 +431,7 @@
identify this certificate (most notably during certificate
revocation checking).
- .. method:: set_not_valid_before(time)
+ .. method:: not_valid_before(time)
Sets the certificate's activation time. This is the time from which
clients can start trusting the certificate. It may be different from
@@ -445,7 +441,7 @@
activation time for the certificate. The certificate may not be
trusted clients if it is used before this time.
- .. method:: set_not_valid_after(time)
+ .. method:: not_valid_after(time)
Sets the certificate's expiration time. This is the time from which
clients should no longer trust the certificate. The CA's policy will
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 04f631f..1c912e6 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -95,22 +95,6 @@
return s
-def _make_asn1_int(backend, x):
- i = backend._lib.ASN1_INTEGER_new()
- # i = backend._ffi.gc(i, backend._lib.ASN1_INTEGER_free)
- backend._lib.ASN1_INTEGER_set(i, x)
- return i
-
-
-def _make_asn1_str(backend, x, n=None):
- if n is None:
- n = len(x)
- s = backend._lib.ASN1_OCTET_STRING_new()
- # s = backend._ffi.gc(s, backend._lib.ASN1_OCTET_STRING_free)
- backend._lib.ASN1_OCTET_STRING_set(s, x, n)
- return s
-
-
def _encode_name(backend, attributes):
"""
The X509_NAME created will not be gc'd. Use _encode_name_gc if needed.
@@ -1039,7 +1023,7 @@
assert res == 1
# Set the certificate serial number.
- serial_number = _make_asn1_int(self, builder._serial_number)
+ serial_number = _encode_asn1_int(self, builder._serial_number)
self._lib.X509_set_serialNumber(x509_cert, serial_number)
# Set the "not before" time.
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index c04b8c9..a9d4430 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1746,6 +1746,7 @@
"""
Signs the certificate using the CA's private key.
"""
+ builder = self
if self._version is None:
- self._version = Version.v1
- return backend.sign_x509_certificate(self, private_key, algorithm)
+ builder = self.version(Version.v3)
+ return backend.sign_x509_certificate(builder, private_key, algorithm)