Remove CertificateBuilder.version
Default CertificateBuilder to Version.v3
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index e4ea252..5a80984 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -393,13 +393,6 @@
.. class:: CertificateBuilder
- .. method:: version(version)
-
- Sets the X.509 version that will be used in the certificate.
-
- :param version: The :class:`~cryptography.x509.Version` that will be
- used by the certificate.
-
.. method:: issuer_name(name)
Sets the issuer's distinguished name.
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 6f7aeee..4b13fce 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -1605,7 +1605,7 @@
"""
Creates an empty X.509 certificate (version 1).
"""
- self._version = version
+ self._version = Version.v3
self._issuer_name = issuer_name
self._subject_name = subject_name
self._public_key = public_key
@@ -1614,20 +1614,6 @@
self._not_valid_after = not_valid_after
self._extensions = extensions
- def version(self, version):
- """
- Sets the X.509 version required by decoders.
- """
- if not isinstance(version, Version):
- raise TypeError('Expecting x509.Version object.')
- if self._version is not None:
- raise ValueError('The version may only be set once.')
- return CertificateBuilder(
- version, self._issuer_name, self._subject_name, self._public_key,
- self._serial_number, self._not_valid_before,
- self._not_valid_after, self._extensions
- )
-
def issuer_name(self, name):
"""
Sets the CA's distinguished name.
@@ -1744,7 +1730,4 @@
"""
Signs the certificate using the CA's private key.
"""
- builder = self
- if self._version is None:
- builder = self.version(Version.v3)
- return backend.sign_x509_certificate(builder, private_key, algorithm)
+ return backend.sign_x509_certificate(self, private_key, algorithm)
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
index 5505c63..daa3787 100644
--- a/tests/hazmat/backends/test_openssl.py
+++ b/tests/hazmat/backends/test_openssl.py
@@ -489,9 +489,7 @@
def test_checks_for_unsupported_extensions(self):
private_key = RSA_KEY_2048.private_key(backend)
- builder = x509.CertificateBuilder().version(
- x509.Version.v3
- ).subject_name(x509.Name([
+ builder = x509.CertificateBuilder().subject_name(x509.Name([
x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
x509.NameAttribute(x509.OID_STATE_OR_PROVINCE_NAME, u'Texas'),
x509.NameAttribute(x509.OID_LOCALITY_NAME, u'Austin'),
diff --git a/tests/test_x509.py b/tests/test_x509.py
index c4a423a..e052b4d 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -782,9 +782,7 @@
not_valid_before = datetime.datetime(2002, 1, 1, 12, 1)
not_valid_after = datetime.datetime(2030, 12, 31, 8, 30)
- builder = x509.CertificateBuilder().version(
- x509.Version.v3
- ).serial_number(
+ builder = x509.CertificateBuilder().serial_number(
777
).issuer_name(x509.Name([
x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'),
@@ -824,20 +822,6 @@
class TestCertificateBuilder(object):
- def test_version_must_be_a_version_type(self):
- builder = x509.CertificateBuilder()
-
- with pytest.raises(TypeError):
- builder.version("v1")
-
- def test_version_may_only_be_set_once(self):
- builder = x509.CertificateBuilder().version(
- x509.Version.v3
- )
-
- with pytest.raises(ValueError):
- builder.version(x509.Version.v1)
-
def test_issuer_name_must_be_a_name_type(self):
builder = x509.CertificateBuilder()