Add OpenSSL.crypto.verify_chain method.
This change adds support for verifying a certificate or a certificate
chain. This implementation uses OpenSSL's underlying X509_STORE_CTX_*
class of functions to accomplish this.
This change also adds an intermediate signing certificate/key and a
service certificate/key signed with the intermediate signing
certificate, to make the OpenSSL.crypto.verify_chain method
easier to test. I figured I would add it to the top level module so
other people can use an intermediate signing certificate in their own
tests.
Issue: https://github.com/pyca/pyopenssl/issues/154
diff --git a/doc/api/crypto.rst b/doc/api/crypto.rst
index b360e89..344fa40 100644
--- a/doc/api/crypto.rst
+++ b/doc/api/crypto.rst
@@ -42,7 +42,17 @@
.. py:data:: X509StoreType
- A Python type object representing the X509Store object type.
+ See :py:class:`X509Store`
+
+
+.. py:data X509Store
+
+ A class representing the X.509 store.
+
+
+.. py:data:: X509StoreContext
+
+ A class representing the X.509 store context.
.. py:data:: PKeyType
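Review bot: the added line ".. py:data X509Store" is missing the "::" after the directive name, so reStructuredText will treat it as a comment and the X509Store entry, together with its description, will not be rendered. Beyond that, both new entries describe classes ("A class representing the X.509 store.") but are declared with py:data, while the X509StoreType entry now points at them with :py:class:`X509Store`; that cross-reference will not resolve against a py:data target. I suggest declaring both as ".. py:class:: X509Store" and ".. py:class:: X509StoreContext" so the directive, the description and the reference agree.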
@@ -230,6 +240,18 @@
.. versionadded:: 0.11
+.. py:function:: verify_cert(store_ctx)
+
+ Verify a certificate in a context.
+
+ A :py:class:`X509StoreContext` is used to verify a certificate in some
+ context in conjunction with :py:func:`verify_cert`. The information
+ encapsulated in this object includes, but is not limited to, a set of
+ trusted certificates, verification parameters and revoked certificates.
+
+ .. versionadded:: 0.15
+
+
.. _openssl-x509:
X509 objects
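Review bot: the documented name in ".. py:function:: verify_cert(store_ctx)" does not match the commit title and message, which both call the new method OpenSSL.crypto.verify_chain; please settle on one name and use it in both places. The body paragraph also describes X509StoreContext rather than the function, so it would sit better under the X509StoreContext entry added earlier in this file. What is missing here is the part a caller depends on: the type expected for store_ctx, what the function returns when verification succeeds, and how a verification failure is reported (an exception or a return value). For a certificate verification API that last point should be stated explicitly, because a caller who assumes the wrong one may treat a failed verification as a success.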