.. _openssl-crypto:

:py:mod:`crypto` --- Generic cryptographic module
=================================================

.. py:module:: OpenSSL.crypto
    :synopsis: Generic cryptographic module


.. py:data:: X509Type

    See :py:class:`X509`.


.. py:class:: X509()

    A class representing X.509 certificates.


.. py:data:: X509NameType

    See :py:class:`X509Name`.


.. py:class:: X509Name(x509name)

    A class representing X.509 Distinguished Names.

    This constructor creates a copy of *x509name* which should be an
    instance of :py:class:`X509Name`.


.. py:data:: X509ReqType

    See :py:class:`X509Req`.


.. py:class:: X509Req()

    A class representing X.509 certificate requests.


.. py:data:: X509StoreType

    See :py:class:`X509Store`.


.. py:data:: X509Store

    A class representing the X.509 store.


.. py:data:: X509StoreContext

    A class representing the X.509 store context.


.. py:data:: PKeyType

    See :py:class:`PKey`.


.. py:class:: PKey()

    A class representing DSA or RSA keys.


.. py:data:: PKCS7Type

    A Python type object representing the PKCS7 object type.


.. py:data:: PKCS12Type

    A Python type object representing the PKCS12 object type.


.. py:data:: X509ExtensionType

    See :py:class:`X509Extension`.


.. py:class:: X509Extension(typename, critical, value[, subject][, issuer])

    A class representing an X.509 v3 certificate extension. See
    http://openssl.org/docs/apps/x509v3_config.html#STANDARD_EXTENSIONS for
    *typename* strings and their options. Optional parameters *subject* and
    *issuer* must be X509 objects.


.. py:data:: NetscapeSPKIType

    See :py:class:`NetscapeSPKI`.


.. py:class:: NetscapeSPKI([enc])

    A class representing Netscape SPKI objects.

    If the *enc* argument is present, it should be a base64-encoded string
    representing a NetscapeSPKI object, as returned by the :py:meth:`b64_encode`
    method.


.. py:class:: CRL()

    A class representing Certificate Revocation List objects.


.. py:class:: Revoked()

    A class representing Revocation objects of CRL.


.. py:data:: FILETYPE_PEM
             FILETYPE_ASN1

    File type constants.


.. py:data:: TYPE_RSA
             TYPE_DSA

    Key type constants.


.. py:exception:: Error

    Generic exception used in the :py:mod:`.crypto` module.


.. py:function:: get_elliptic_curves

    Return a set of objects representing the elliptic curves supported in the
    OpenSSL build in use.

    The curve objects have a :py:class:`unicode` ``name`` attribute by which
    they identify themselves.

    The curve objects are useful as values for the argument accepted by
    :py:meth:`Context.set_tmp_ecdh` to specify which elliptic curve should be
    used for ECDHE key exchange.


.. py:function:: get_elliptic_curve

    Return a single curve object selected by name.

    See :py:func:`get_elliptic_curves` for information about curve objects.

    If the named curve is not supported then :py:class:`ValueError` is raised.


.. py:function:: dump_certificate(type, cert)

    Dump the certificate *cert* into a buffer string encoded with the type
    *type*.


.. py:function:: dump_certificate_request(type, req)

    Dump the certificate request *req* into a buffer string encoded with the
    type *type*.


.. py:function:: dump_privatekey(type, pkey[, cipher, passphrase])

    Dump the private key *pkey* into a buffer string encoded with the type
    *type*, optionally (if *type* is :py:const:`FILETYPE_PEM`) encrypting it
    using *cipher* and *passphrase*.

    *passphrase* must be either a string or a callback for providing the
    pass phrase.


.. py:function:: load_certificate(type, buffer)

    Load a certificate (X509) from the string *buffer* encoded with the
    type *type*.


.. py:function:: load_certificate_request(type, buffer)

    Load a certificate request (X509Req) from the string *buffer* encoded with
    the type *type*.


.. py:function:: load_privatekey(type, buffer[, passphrase])

    Load a private key (PKey) from the string *buffer* encoded with the type
    *type* (must be one of :py:const:`FILETYPE_PEM` and
    :py:const:`FILETYPE_ASN1`).

    *passphrase* must be either a string or a callback for providing the pass
    phrase.


.. py:function:: load_crl(type, buffer)

    Load Certificate Revocation List (CRL) data from the string *buffer*
    encoded with the type *type*. The type *type* must be either
    :py:const:`FILETYPE_PEM` or :py:const:`FILETYPE_ASN1`.


.. py:function:: load_pkcs7_data(type, buffer)

    Load pkcs7 data from the string *buffer* encoded with the type *type*.


.. py:function:: load_pkcs12(buffer[, passphrase])

    Load pkcs12 data from the string *buffer*. If the pkcs12 structure is
    encrypted, a *passphrase* must be included. The MAC is always
    checked and thus required.

    See also the man page for the C function :py:func:`PKCS12_parse`.


.. py:function:: sign(key, data, digest)

    Sign a data string using the given key and message digest.

    *key* is a :py:class:`PKey` instance. *data* is a ``str`` instance.
    *digest* is a ``str`` naming a supported message digest type, for example
    :py:const:`sha1`.

    .. versionadded:: 0.11


.. py:function:: verify(certificate, signature, data, digest)

    Verify the signature for a data string.

    *certificate* is a :py:class:`X509` instance corresponding to the private
    key which generated the signature. *signature* is a *str* instance giving
    the signature itself. *data* is a *str* instance giving the data to which
    the signature applies. *digest* is a *str* instance naming the message
    digest type of the signature, for example :py:const:`sha1`.

    .. versionadded:: 0.11


.. _openssl-x509:

X509 objects
------------

X509 objects have the following methods:

.. py:method:: X509.get_issuer()

    Return an X509Name object representing the issuer of the certificate.


.. py:method:: X509.get_pubkey()

    Return a :py:class:`PKey` object representing the public key of the certificate.


.. py:method:: X509.get_serial_number()

    Return the certificate serial number.


.. py:method:: X509.get_signature_algorithm()

    Return the signature algorithm used in the certificate. If the algorithm is
    undefined, raise :py:data:`ValueError`.

    .. versionadded:: 0.13


.. py:method:: X509.get_subject()

    Return an :py:class:`X509Name` object representing the subject of the certificate.


.. py:method:: X509.get_version()

    Return the certificate version.


.. py:method:: X509.get_notBefore()

    Return a string giving the time before which the certificate is not valid. The
    string is formatted as an ASN1 GENERALIZEDTIME::

        YYYYMMDDhhmmssZ
        YYYYMMDDhhmmss+hhmm
        YYYYMMDDhhmmss-hhmm

    If no value exists for this field, :py:data:`None` is returned.


.. py:method:: X509.get_notAfter()

    Return a string giving the time after which the certificate is not valid. The
    string is formatted as an ASN1 GENERALIZEDTIME::

        YYYYMMDDhhmmssZ
        YYYYMMDDhhmmss+hhmm
        YYYYMMDDhhmmss-hhmm

    If no value exists for this field, :py:data:`None` is returned.


.. py:method:: X509.set_notBefore(when)

    Change the time before which the certificate is not valid. *when* is a
    string formatted as an ASN1 GENERALIZEDTIME::

        YYYYMMDDhhmmssZ
        YYYYMMDDhhmmss+hhmm
        YYYYMMDDhhmmss-hhmm


.. py:method:: X509.set_notAfter(when)

    Change the time after which the certificate is not valid. *when* is a
    string formatted as an ASN1 GENERALIZEDTIME::

        YYYYMMDDhhmmssZ
        YYYYMMDDhhmmss+hhmm
        YYYYMMDDhhmmss-hhmm


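The validity strings returned by ``get_notBefore()`` and ``get_notAfter()`` can be turned into timezone-aware values before any comparison is made. The parser below is an added example, not part of pyOpenSSL; the names ``parse_validity_time`` and ``validity_status`` are hypothetical, the sample values in the test are constructed, and accepting ``bytes`` as well as ``str`` is an assumption of the example.

```python
import re
from datetime import datetime, timedelta, timezone

# The three layouts listed above: 14 digits, then "Z" or a signed hhmm offset.
_TIME_RE = re.compile(r"([0-9]{14})(Z|[+-][0-9]{4})")


def parse_validity_time(value):
    """Convert a get_notBefore()/get_notAfter() value to an aware UTC datetime.

    Returns None when the field is absent, mirroring the getters.
    """
    if value is None:
        return None
    if isinstance(value, bytes):  # assumption: some builds hand back bytes
        value = value.decode("ascii")
    match = _TIME_RE.fullmatch(value)
    if match is None:
        raise ValueError("unsupported validity time: %r" % (value,))
    stamp, zone = match.groups()
    # strptime rejects impossible dates such as month 13 or day 32.
    naive = datetime.strptime(stamp, "%Y%m%d%H%M%S")
    if zone == "Z":
        offset = timedelta(0)
    else:
        hours, minutes = int(zone[1:3]), int(zone[3:5])
        if hours > 23 or minutes > 59:
            raise ValueError("invalid UTC offset: %r" % (zone,))
        offset = timedelta(hours=hours, minutes=minutes)
        if zone[0] == "-":
            offset = -offset
    # Attach the stated offset, then normalise to UTC so values compare safely.
    return naive.replace(tzinfo=timezone(offset)).astimezone(timezone.utc)


def validity_status(not_before, not_after, now=None):
    """Classify a validity window as seen at *now* (default: current UTC time)."""
    now = now or datetime.now(timezone.utc)
    start = parse_validity_time(not_before)
    end = parse_validity_time(not_after)
    if start is None or end is None:
        return "incomplete"  # a missing bound cannot be checked
    if now < start:
        return "not-yet-valid"
    if now > end:
        return "expired"
    return "valid"
```

Comparing the raw strings lexically gives wrong answers as soon as two values carry different offsets, which is why both bounds are normalised to UTC first.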

.. py:method:: X509.gmtime_adj_notBefore(time)

    Adjust the timestamp (in GMT) when the certificate starts being valid.


.. py:method:: X509.gmtime_adj_notAfter(time)

    Adjust the timestamp (in GMT) when the certificate stops being valid.


.. py:method:: X509.has_expired()

    Checks the certificate's time stamp against current time. Returns true if the
    certificate has expired and false otherwise.


.. py:method:: X509.set_issuer(issuer)

    Set the issuer of the certificate to *issuer*.


.. py:method:: X509.set_pubkey(pkey)

    Set the public key of the certificate to *pkey*.


.. py:method:: X509.set_serial_number(serialno)

    Set the serial number of the certificate to *serialno*.


.. py:method:: X509.set_subject(subject)

    Set the subject of the certificate to *subject*.


.. py:method:: X509.set_version(version)

    Set the certificate version to *version*.


.. py:method:: X509.sign(pkey, digest)

    Sign the certificate, using the key *pkey* and the message digest algorithm
    identified by the string *digest*.


.. py:method:: X509.subject_name_hash()

    Return the hash of the certificate subject.

.. py:method:: X509.digest(digest_name)

    Return a digest of the certificate, using the *digest_name* method.
    *digest_name* must be a string describing a digest algorithm supported
    by OpenSSL (by EVP_get_digestbyname, specifically). For example,
    :py:const:`"md5"` or :py:const:`"sha1"`.


.. py:method:: X509.add_extensions(extensions)

    Add the extensions in the sequence *extensions* to the certificate.


.. py:method:: X509.get_extension_count()

    Return the number of extensions on this certificate.

    .. versionadded:: 0.12


.. py:method:: X509.get_extension(index)

    Retrieve the extension on this certificate at the given index.

    Extensions on a certificate are kept in order. The index parameter selects
    which extension will be returned. The returned object will be an
    :py:class:`X509Extension` instance.

    .. versionadded:: 0.12


.. _openssl-x509name:

X509Name objects
----------------

X509Name objects have the following methods:

.. py:method:: X509Name.hash()

    Return an integer giving the first four bytes of the MD5 digest of the DER
    representation of the name.


.. py:method:: X509Name.der()

    Return a string giving the DER representation of the name.


.. py:method:: X509Name.get_components()

    Return a list of two-tuples of strings giving the components of the name.


X509Name objects have the following members:

.. py:attribute:: X509Name.countryName

    The country of the entity. :py:attr:`C` may be used as an alias for
    :py:attr:`countryName`.


.. py:attribute:: X509Name.stateOrProvinceName

    The state or province of the entity. :py:attr:`ST` may be used as an alias for
    :py:attr:`stateOrProvinceName`.


.. py:attribute:: X509Name.localityName

    The locality of the entity. :py:attr:`L` may be used as an alias for
    :py:attr:`localityName`.


.. py:attribute:: X509Name.organizationName

    The organization name of the entity. :py:attr:`O` may be used as an alias for
    :py:attr:`organizationName`.


.. py:attribute:: X509Name.organizationalUnitName

    The organizational unit of the entity. :py:attr:`OU` may be used as an alias for
    :py:attr:`organizationalUnitName`.


.. py:attribute:: X509Name.commonName

    The common name of the entity. :py:attr:`CN` may be used as an alias for
    :py:attr:`commonName`.


.. py:attribute:: X509Name.emailAddress

    The e-mail address of the entity.


.. _openssl-x509req:

X509Req objects
---------------

X509Req objects have the following methods:

.. py:method:: X509Req.get_pubkey()

    Return a :py:class:`PKey` object representing the public key of the certificate request.


.. py:method:: X509Req.get_subject()

    Return an :py:class:`X509Name` object representing the subject of the certificate.


.. py:method:: X509Req.set_pubkey(pkey)

    Set the public key of the certificate request to *pkey*.


.. py:method:: X509Req.sign(pkey, digest)

    Sign the certificate request, using the key *pkey* and the message digest
    algorithm identified by the string *digest*.


.. py:method:: X509Req.verify(pkey)

    Verify a certificate request using the public key *pkey*.


.. py:method:: X509Req.set_version(version)

    Set the version (RFC 2459, 4.1.2.1) of the certificate request to
    *version*.


.. py:method:: X509Req.get_version()

    Get the version (RFC 2459, 4.1.2.1) of the certificate request.


.. py:method:: X509Req.get_extensions()

    Get extensions to the request.

    .. versionadded:: 0.15


.. _openssl-x509store:

X509Store objects
-----------------

The X509Store object currently has just one method:

.. py:method:: X509Store.add_cert(cert)

    Add the certificate *cert* to the certificate store.


X509StoreContextError objects
-----------------------------

The X509StoreContextError is an exception raised from
`X509StoreContext.verify_certificate` in circumstances where a certificate
cannot be verified in a provided context.

The certificate for which the verification error was detected is given by the
``certificate`` attribute of the exception instance as a :class:`X509`
instance.

Details about the verification error are given in the exception's ``args`` attribute.


X509StoreContext objects
------------------------

The X509StoreContext object is used for verifying a certificate against a set
of trusted certificates.


.. py:method:: X509StoreContext.verify_certificate()

    Verify a certificate in the context of this initialized `X509StoreContext`.
    On error, raises `X509StoreContextError`, otherwise does nothing.

    .. versionadded:: 0.15


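The following added example (not taken from the pyOpenSSL sources) verifies a certificate against an ``X509Store`` and reads the ``certificate`` and ``args`` attributes of ``X509StoreContextError``. The helper names ``new_key``, ``make_cert`` and ``check_against`` are hypothetical, all certificates are constructed throwaway data, and the constructor call ``X509StoreContext(store, certificate)`` is not documented on this page.

```python
from OpenSSL import crypto


def new_key():
    """Generate a throwaway 2048-bit RSA key for the constructed certificates."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    return key


def make_cert(common_name, key, issuer_cert=None, issuer_key=None, serial=1):
    """Build a short-lived certificate; self-signed when no issuer is given."""
    cert = crypto.X509()
    cert.get_subject().CN = common_name
    cert.set_serial_number(serial)
    cert.gmtime_adj_notBefore(-300)  # tolerate a little clock skew
    cert.gmtime_adj_notAfter(3600)
    issuer = cert if issuer_cert is None else issuer_cert
    cert.set_issuer(issuer.get_subject())
    cert.set_pubkey(key)
    cert.sign(key if issuer_key is None else issuer_key, "sha256")
    return cert


def check_against(cert, trusted_roots):
    """Verify *cert* against *trusted_roots*.

    Returns (True, None, None) on success, otherwise (False, CN of the
    certificate the error was detected on, the exception's args).
    """
    store = crypto.X509Store()
    for root in trusted_roots:
        store.add_cert(root)
    context = crypto.X509StoreContext(store, cert)
    try:
        context.verify_certificate()
    except crypto.X509StoreContextError as exc:
        return False, exc.certificate.get_subject().CN, exc.args
    return True, None, None


if __name__ == "__main__":
    # Assumption: the roots are plain self-signed certificates without
    # extensions, which OpenSSL's default (non-strict) checks accept as CAs.
    root_key = new_key()
    root = make_cert("Example Root", root_key)
    leaf = make_cert("leaf.example.test", new_key(), root, root_key, serial=2)
    # Same subject name as the real root, but a different key.
    lookalike = make_cert("Example Root", new_key())
    print(check_against(leaf, [root]))
    print(check_against(leaf, [lookalike]))
```

The second call fails even though the look-alike root carries the expected subject name, because the store is consulted for a key that actually validates the signature, not just for a matching name.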

.. _openssl-pkey:

PKey objects
------------

The PKey object has the following methods:

.. py:method:: PKey.bits()

    Return the number of bits of the key.


.. py:method:: PKey.generate_key(type, bits)

    Generate a public/private key pair of the type *type* (one of
    :py:const:`TYPE_RSA` and :py:const:`TYPE_DSA`) with the size *bits*.


.. py:method:: PKey.type()

    Return the type of the key.


.. py:method:: PKey.check()

    Check the consistency of this key, returning True if it is consistent and
    raising an exception otherwise. This is only valid for RSA keys. See the
    OpenSSL RSA_check_key man page for further limitations.


.. _openssl-pkcs7:

PKCS7 objects
-------------

PKCS7 objects have the following methods:

.. py:method:: PKCS7.type_is_signed()

    FIXME


.. py:method:: PKCS7.type_is_enveloped()

    FIXME


.. py:method:: PKCS7.type_is_signedAndEnveloped()

    FIXME


.. py:method:: PKCS7.type_is_data()

    FIXME


.. py:method:: PKCS7.get_type_name()

    Get the type name of the PKCS7.


.. _openssl-pkcs12:

PKCS12 objects
--------------

PKCS12 objects have the following methods:

.. py:method:: PKCS12.export([passphrase=None][, iter=2048][, maciter=1])

    Returns a PKCS12 object as a string.

    The optional *passphrase* must be a string, not a callback.

    See also the man page for the C function :py:func:`PKCS12_create`.


.. py:method:: PKCS12.get_ca_certificates()

    Return CA certificates within the PKCS12 object as a tuple. Returns
    :py:const:`None` if no CA certificates are present.


.. py:method:: PKCS12.get_certificate()

    Return the certificate portion of the PKCS12 structure.


.. py:method:: PKCS12.get_friendlyname()

    Return the friendlyName portion of the PKCS12 structure.


.. py:method:: PKCS12.get_privatekey()

    Return the private key portion of the PKCS12 structure.


.. py:method:: PKCS12.set_ca_certificates(cacerts)

    Replace or set the CA certificates within the PKCS12 object with the sequence *cacerts*.

    Set *cacerts* to :py:const:`None` to remove all CA certificates.


.. py:method:: PKCS12.set_certificate(cert)

    Replace or set the certificate portion of the PKCS12 structure.


.. py:method:: PKCS12.set_friendlyname(name)

    Replace or set the friendlyName portion of the PKCS12 structure.


.. py:method:: PKCS12.set_privatekey(pkey)

    Replace or set the private key portion of the PKCS12 structure.


.. _openssl-509ext:

X509Extension objects
---------------------

X509Extension objects have several methods:

.. py:method:: X509Extension.get_critical()

    Return the critical field of the extension object.


.. py:method:: X509Extension.get_short_name()

    Retrieve the short descriptive name for this extension.

    The result is a byte string like :py:const:`basicConstraints`.

    .. versionadded:: 0.12


.. py:method:: X509Extension.get_data()

    Retrieve the data for this extension.

    The result is the ASN.1 encoded form of the extension data as a byte string.

    .. versionadded:: 0.12


.. _openssl-netscape-spki:

NetscapeSPKI objects
--------------------

NetscapeSPKI objects have the following methods:

.. py:method:: NetscapeSPKI.b64_encode()

    Return a base64-encoded string representation of the object.


.. py:method:: NetscapeSPKI.get_pubkey()

    Return the public key of the object.


.. py:method:: NetscapeSPKI.set_pubkey(key)

    Set the public key of the object to *key*.


.. py:method:: NetscapeSPKI.sign(key, digest_name)

    Sign the NetscapeSPKI object using the given *key* and *digest_name*.
    *digest_name* must be a string describing a digest algorithm supported by
    OpenSSL (by EVP_get_digestbyname, specifically). For example,
    :py:const:`"md5"` or :py:const:`"sha1"`.


.. py:method:: NetscapeSPKI.verify(key)

    Verify the NetscapeSPKI object using the given *key*.


.. _crl:

CRL objects
-----------

CRL objects have the following methods:

.. py:method:: CRL.add_revoked(revoked)

    Add a Revoked object to the CRL, by value not reference.


.. py:method:: CRL.export(cert, key[, type=FILETYPE_PEM][, days=100])

    Use *cert* and *key* to sign the CRL and return the CRL as a string.
    *days* is the number of days before the next CRL is due.


.. py:method:: CRL.get_revoked()

    Return a tuple of Revoked objects, by value not reference.


.. _revoked:

Revoked objects
---------------

Revoked objects have the following methods:

.. py:method:: Revoked.all_reasons()

    Return a list of all supported reasons.


.. py:method:: Revoked.get_reason()

    Return the revocation reason as a str. Can be
    None, which differs from "Unspecified".


.. py:method:: Revoked.get_rev_date()

    Return the revocation date as a str.
    The string is formatted as an ASN1 GENERALIZEDTIME.


.. py:method:: Revoked.get_serial()

    Return a str containing a hex number of the serial of the revoked certificate.


.. py:method:: Revoked.set_reason(reason)

    Set the revocation reason. *reason* must be None or a string, but the
    values are limited. Spaces and case are ignored. See
    :py:meth:`all_reasons`.


.. py:method:: Revoked.set_rev_date(date)

    Set the revocation date.
    The string is formatted as an ASN1 GENERALIZEDTIME.


.. py:method:: Revoked.set_serial(serial)

    *serial* is a string containing a hex number of the serial of the revoked certificate.