Merge pull request #1963 from AndreLouisCaron/csr-encoding
Adds support for writing CSRs.
diff --git a/.travis.yml b/.travis.yml
index c7413ea..343576f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,8 +1,11 @@
sudo: false
+
language: python
+
cache:
directories:
- $HOME/.cache/pip
+
matrix:
include:
- python: 2.6 # these are just to make travis's UI a bit prettier
@@ -67,42 +70,55 @@
env: TOXENV=py3pep8
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=py26
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=py27
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=py33
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=py34
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=pypy
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=pypy3
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=py26 OPENSSL=0.9.8
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=py27 OPENSSL=0.9.8
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=py33 OPENSSL=0.9.8
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=py34 OPENSSL=0.9.8
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=pypy OPENSSL=0.9.8
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=pypy3 OPENSSL=0.9.8
- language: generic
os: osx
+ osx_image: beta-xcode6.3
env: TOXENV=docs
install:
diff --git a/.travis/install.sh b/.travis/install.sh
index 9e14a92..7c3e9de 100755
--- a/.travis/install.sh
+++ b/.travis/install.sh
@@ -4,10 +4,10 @@
set -x
if [[ "$(uname -s)" == 'Darwin' ]]; then
- brew update
+ brew update || brew update
if [[ "${OPENSSL}" != "0.9.8" ]]; then
- brew upgrade openssl
+ brew outdated openssl || brew upgrade openssl
fi
if which pyenv > /dev/null; then
@@ -24,22 +24,22 @@
python get-pip.py --user
;;
py33)
- brew upgrade pyenv
+ brew outdated pyenv || brew upgrade pyenv
pyenv install 3.3.6
pyenv global 3.3.6
;;
py34)
- brew upgrade pyenv
+ brew outdated pyenv || brew upgrade pyenv
pyenv install 3.4.2
pyenv global 3.4.2
;;
pypy)
- brew upgrade pyenv
+ brew outdated pyenv || brew upgrade pyenv
pyenv install pypy-2.5.1
pyenv global pypy-2.5.1
;;
pypy3)
- brew upgrade pyenv
+ brew outdated pyenv || brew upgrade pyenv
pyenv install pypy3-2.4.0
pyenv global pypy3-2.4.0
;;
@@ -49,7 +49,7 @@
;;
esac
pyenv rehash
- pip install --user virtualenv
+ python -m pip install --user virtualenv
else
pip install virtualenv
fi
diff --git a/docs/x509.rst b/docs/x509.rst
index 8e762ef..c8505a8 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -710,6 +710,19 @@
purposes indicated in the key usage extension. The object is
iterable to obtain the list of :ref:`extended key usage OIDs <eku_oids>`.
+.. class:: OCSPNoCheck
+
+ .. versionadded:: 0.10
+
+ This presence of this extension indicates that an OCSP client can trust a
+ responder for the lifetime of the responder's certificate. CAs issuing
+ such a certificate should realize that a compromise of the responder's key
+ is as serious as the compromise of a CA key used to sign CRLs, at least for
+ the validity period of this certificate. CA's may choose to issue this type
+ of certificate with a very short lifetime and renew it frequently. This
+ extension is only relevant when the certificate is an authorized OCSP
+ responder.
+
.. class:: AuthorityKeyIdentifier
.. versionadded:: 0.9
@@ -1246,6 +1259,11 @@
Corresponds to the dotted string ``"1.3.6.1.5.5.7.1.1"``. The identifier
for the :class:`AuthorityInformationAccess` extension type.
+.. data:: OID_OCSP_NO_CHECK
+
+ Corresponds to the dotted string ``"1.3.6.1.5.5.7.48.1.5"``. The identifier
+ for the :class:`OCSPNoCheck` extension type.
+
Exceptions
~~~~~~~~~~
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index c449b7e..9a3295c 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -320,6 +320,10 @@
return not self == other
+class OCSPNoCheck(object):
+ pass
+
+
class BasicConstraints(object):
def __init__(self, ca, path_length):
if not isinstance(ca, bool):