support revoked certificates in CertificateRevocationListBuilder
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 8d8bda4..e02d4b2 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -788,12 +788,18 @@
... ]))
>>> builder = builder.last_update(datetime.datetime.today())
>>> builder = builder.next_update(datetime.datetime.today() + one_day)
+ >>> revoked_cert = x509.RevokedCertificateBuilder().serial_number(
+ ... 333
+ ... ).revocation_date(
+ ... datetime.datetime.today()
+ ... ).build(default_backend())
+ >>> builder = builder.add_revoked_certificate(revoked_cert)
>>> crl = builder.sign(
... private_key=private_key, algorithm=hashes.SHA256(),
... backend=default_backend()
... )
- >>> isinstance(crl, x509.CertificateRevocationList)
- True
+ >>> len(crl)
+ 1
.. method:: issuer_name(name)
@@ -832,6 +838,15 @@
:param critical: Set to ``True`` if the extension must be understood and
handled by whoever reads the CRL.
+ .. method:: add_revoked_certificate(revoked_certificate)
+
+ Adds a revoked certificate to this CRL.
+
+ :param revoked_certificate: An instance of
+ :class:`~cryptography.x509.RevokedCertificate`. These can be
+ obtained from an existing CRL or created with
+ :class:`~cryptography.x509.RevokedCertificateBuilder`.
+
.. method:: sign(private_key, algorithm, backend)
Sign this CRL using the CA's private key.