OCSP request extension parsing (#4464)
* add OCSP request parsing support with OCSPNonce
* add docs
* reprs man
* make extensions a cached property
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index ede08aa..079fef9 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -2432,6 +2432,30 @@
:type: :class:`datetime.datetime`
+OCSP Extensions
+~~~~~~~~~~~~~~~
+
+.. class:: OCSPNonce(nonce)
+
+ .. versionadded:: 2.4
+
+ OCSP nonce is an extension that is only valid inside
+ :class:`~cryptography.x509.ocsp.OCSPRequest` and
+ :class:`~cryptography.x509.ocsp.OCSPResponse` objects. The nonce
+ cryptographically binds a request and a response to prevent replay attacks.
+ In practice nonces are rarely used in OCSP due to the desire to precompute
+ OCSP responses at large scale.
+
+ .. attribute:: oid
+
+ :type: :class:`ObjectIdentifier`
+
+ Returns
+ :attr:`~cryptography.x509.oid.OCSPExtensionOID.NONCE`.
+
+ .. attribute:: nonce
+
+ :type: bytes
Object Identifiers
~~~~~~~~~~~~~~~~~~
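Review bot: The ``nonce`` attribute at the end of the ``OCSPNonce`` entry has only ``:type: bytes`` and no description, while ``oid`` just above it says what it returns. Please add a sentence stating that it holds the nonce value carried in the extension. The ``nonce`` constructor argument in ``OCSPNonce(nonce)`` should be documented as bytes as well. Since the class text says the nonce binds a request to a response to prevent replay, it would also help to state whether comparing the request nonce with the response nonce is left to the caller.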
@@ -2854,6 +2878,15 @@
Corresponds to the dotted string ``"2.5.29.24"``.
+
+.. class:: OCSPExtensionOID
+
+ .. versionadded:: 2.4
+
+ .. attribute:: NONCE
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.2"``.
+
Helper Functions
~~~~~~~~~~~~~~~~
.. currentmodule:: cryptography.x509
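Review bot: The new ``OCSPExtensionOID`` class entry has no description, and ``NONCE`` gives only the dotted string ``"1.3.6.1.5.5.7.48.1.2"`` without a pointer to the extension type it identifies. Please add a short summary line under the class directive and a cross-reference from ``NONCE`` to ``OCSPNonce``, so a reader arriving from the OID list can find the class documented in the first hunk.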