updates based on review feedback
diff --git a/docs/x509.rst b/docs/x509.rst
index f66178a..4246862 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -736,12 +736,19 @@
:type: :class:`ObjectIdentifier`
- Either :data:`OID_OCSP` or :data:`OID_CA_ISSUERS`
+ The access method defines what the ``access_location`` means. It must
+ be either :data:`OID_OCSP` or :data:`OID_CA_ISSUERS`. If it is
+ :data:`OID_OCSP` the access location will be where to obtain OCSP
+ information for the certificate. If it is :data:`OID_CA_ISSUERS` the
+ access location will provide additional information about the issuing
+ certificate.
.. attribute:: access_location
:type: :class:`GeneralName`
+ Where to access the information defined by the access method.
+
Object Identifiers
~~~~~~~~~~~~~~~~~~
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py
index 2bbd14d..2733709 100644
--- a/src/cryptography/x509.py
+++ b/src/cryptography/x509.py
@@ -67,8 +67,8 @@
"1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
"1.3.6.1.5.5.7.1.11": "subjectInfoAccess",
"1.3.6.1.5.5.7.48.1.5": "OCSPNoCheck",
- "1.3.6.1.5.5.7.48.2": "caIssuers",
"1.3.6.1.5.5.7.48.1": "OCSP",
+ "1.3.6.1.5.5.7.48.2": "caIssuers",
}
@@ -428,7 +428,9 @@
class AccessDescription(object):
def __init__(self, access_method, access_location):
if not (access_method == OID_OCSP or access_method == OID_CA_ISSUERS):
- raise TypeError("access_method must be OID_OCSP or OID_CA_ISSUERS")
+ raise ValueError(
+ "access_method must be OID_OCSP or OID_CA_ISSUERS"
+ )
if not isinstance(access_location, GeneralName):
raise TypeError("access_location must be a GeneralName")
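Review bot: A non-OID `access_method` such as a str now raises ValueError, while the `access_location` check just below raises TypeError for a wrong type, so `__init__` reports the same kind of mistake in two different ways. Check the type first with `if not isinstance(access_method, ObjectIdentifier): raise TypeError("access_method must be an ObjectIdentifier")`, and keep the ValueError for an ObjectIdentifier outside the two allowed values. Callers that caught TypeError from this constructor will no longer catch the failure, so the change deserves a changelog entry. If the certificate parser also builds AccessDescription objects (not visible here), confirm that a certificate carrying any other access method is handled deliberately rather than surfacing as an unexpected ValueError during parsing. The class body continues outside the hunk.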
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 711b6b7..0e5cab5 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py
@@ -992,7 +992,7 @@
class TestAccessDescription(object):
def test_invalid_access_method(self):
- with pytest.raises(TypeError):
+ with pytest.raises(ValueError):
x509.AccessDescription("notanoid", x509.DNSName(u"test"))
def test_invalid_access_location(self):
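Review bot: `test_invalid_access_method` only passes the str `"notanoid"`, so the ValueError path for a well-formed but disallowed OID is never exercised. Add a second case inside `pytest.raises(ValueError)` using an ObjectIdentifier that is neither OID_OCSP nor OID_CA_ISSUERS, for example `x509.AccessDescription(x509.ObjectIdentifier("1.3.6.1.5.5.7.48.1.5"), x509.DNSName(u"test"))`. That pins the allow-list behaviour itself rather than what happens when a str is compared with an OID. The test class continues outside the hunk.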