commit 32bbfe0f27c284d6c268f2998e64f62083465faf
author Erik Trauschke <erik.trauschke@gmail.com> Wed Oct 21 08:04:55 2015 -0700
committer Erik Trauschke <erik.trauschke@gmail.com> Wed Oct 21 08:04:55 2015 -0700
tree 34cee6777d05273f749a628367da1acce2714a28
parent 12121fc2fdf647cf205f0eec81f9fd0aee89b32b

remove convenience functions for revoked extensions
fix docs regarding CRL PEM format

docs/x509/reference.rst

diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 5ab6caa..fe52727 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -153,8 +153,7 @@
 
     Deserialize a certificate revocation list (CRL) from PEM encoded data. PEM
     requests are base64 decoded and have delimiters that look like
-    ``-----BEGIN X509 CRL-----``. This format is also known as
-    PKCS#10.
+    ``-----BEGIN X509 CRL-----``.
 
     :param bytes data: The PEM encoded request data.
 

src/cryptography/hazmat/backends/openssl/x509.py

diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 1c0f87f..2790ec7 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -744,36 +744,6 @@
             self._backend, self._x509_revoked
         )
 
-    def get_reason(self):
-        """
-        Returns the CRLReason extension if it exists.
-        """
-        try:
-            return self.extensions.get_extension_for_oid(
-                x509.OID_CRL_REASON).value
-        except x509.ExtensionNotFound:
-            return None
-
-    def get_invalidity_date(self):
-        """
-        Returns the InvalidityDate extension if it exists.
-        """
-        try:
-            return self.extensions.get_extension_for_oid(
-                x509.OID_INVALIDITY_DATE).value
-        except x509.ExtensionNotFound:
-            return None
-
-    def get_certificate_issuer(self):
-        """
-        Returns the CertificateIssuer extension if it exists.
-        """
-        try:
-            return self.extensions.get_extension_for_oid(
-                x509.OID_CERTIFICATE_ISSUER).value
-        except x509.ExtensionNotFound:
-            return None
-
 
 @utils.register_interface(x509.CertificateRevocationList)
 class _CertificateRevocationList(object):

tests/test_x509.py

diff --git a/tests/test_x509.py b/tests/test_x509.py
index b9304c3..9567b64 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -219,10 +219,8 @@
         assert len(rev0.extensions) == 0
         with pytest.raises(x509.ExtensionNotFound):
             rev0.extensions.get_extension_for_oid(x509.OID_CRL_REASON)
-
-        assert rev0.get_invalidity_date() is None
-        assert rev0.get_certificate_issuer() is None
-        assert rev0.get_reason() is None
+            rev0.extensions.get_extension_for_oid(x509.OID_CERTIFICATE_ISSUER)
+            rev0.extensions.get_extension_for_oid(x509.OID_INVALIDITY_DATE)
 
         # Test manual retrieval of extension values.
         rev1 = crl[1]
@@ -241,14 +239,17 @@
         assert isinstance(date, datetime.datetime)
         assert date.isoformat() == "2015-01-01T00:00:00"
 
-        # Test convenience function.
-        assert rev1.get_invalidity_date().isoformat() == "2015-01-01T00:00:00"
-        assert rev1.get_certificate_issuer() == exp_issuer
-
         # Check if all reason flags can be found in the CRL.
         flags = set(x509.ReasonFlags)
-        for r in crl:
-            flags.discard(r.get_reason())
+        for rev in crl:
+            try:
+                r = rev.extensions.get_extension_for_oid(x509.OID_CRL_REASON)
+            except x509.ExtensionNotFound:
+                # Not all revoked certs have a reason extension.
+                pass
+            else:
+                flags.discard(r.value)
+
         assert len(flags) == 0
 
     def test_duplicate_entry_ext(self, backend):