Fixes #4333 -- added support for precert poison extension (#4442)
* Fixes #4333 -- added support for precert poison extension
* Make work on all OpenSSL versions
* fixed flake8 + docs
* fix for older OpenSSLs
* document this
* spell
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 5fa8471..ede08aa 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -1944,6 +1944,23 @@
:attr:`~cryptography.x509.oid.ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS`.
+.. class:: PrecertPoison()
+
+ .. versionadded:: 2.4
+
+ This extension indicates that the certificate should not be treated as a
+ certificate for the purposes of validation, but is instead for submission
+ to a certificate transparency log in order to obtain SCTs which will be
+ embedded in a :class:`PrecertificateSignedCertificateTimestamps` extension
+ on the final certificate.
+
+ .. attribute:: oid
+
+ :type: :class:`ObjectIdentifier`
+
+ Returns :attr:`~cryptography.x509.oid.ExtensionOID.PRECERT_POISON`.
+
+
.. class:: DeltaCRLIndicator(crl_number)
.. versionadded:: 2.1
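Review bot: The `PrecertPoison` description says the certificate "should not be treated as a certificate for the purposes of validation" but does not say what enforces that. RFC 6962 requires the poison extension to be marked critical, so that a validator which does not recognise it rejects the precertificate. I would add a sentence to that effect, and state that the class takes no arguments and carries no value, so that users building one with `critical=False` are warned. Minor style point: the addition ends with two blank lines before `DeltaCRLIndicator`, so check that this matches the spacing between the other class entries in this file.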
@@ -2804,6 +2821,12 @@
Corresponds to the dotted string ``"1.3.6.1.4.1.11129.2.4.2"``.
+ .. attribute:: PRECERT_POISON
+
+ .. versionadded:: 2.4
+
+ Corresponds to the dotted string ``"1.3.6.1.4.1.11129.2.4.3"``.
+
.. attribute:: POLICY_CONSTRAINTS
Corresponds to the dotted string ``"2.5.29.36"``. The identifier for the
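Review bot: The new `PRECERT_POISON` entry documents only the dotted string, whereas the `POLICY_CONSTRAINTS` entry in the trailing context goes on to say what the identifier is for ("The identifier for the ..."). I would add a matching sentence that cross-references the class added in the first hunk, for example "The identifier for the :class:`~cryptography.x509.PrecertPoison` extension type.", so that a reader arriving at the OID list can reach the explanation of what the extension means.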