Add OpenSSL.crypto.verify_chain method.

This change adds support for verifying a certificate or a certificate
chain. This implementation uses OpenSSL's underlying X509_STORE_CTX_*
class of functions to accomplish this.

This change also adds an intermediate signing certificate/key and a
service certificate/key signed with the intermediate signing
certificate, to make testing the OpenSSL.crypto.verify_chain method
easier to test. I figured I would add it to the top level module so
other people can use an intermediate signing certificate in their own
tests.

Issue: https://github.com/pyca/pyopenssl/issues/154

1 files changed, 23 insertions, 1 deletions

diff --git a/doc/api/crypto.rst b/doc/api/crypto.rst
index b360e89..344fa40 100644
--- a/doc/api/crypto.rst
+++ b/doc/api/crypto.rst
@@ -42,7 +42,17 @@
 
 .. py:data:: X509StoreType
 
-    A Python type object representing the X509Store object type.
+    See :py:class:`X509Store`
+
+
+.. py:data X509Store
+
+    A class representing the X.509 store.
+
+
+.. py:data:: X509StoreContext
+
+    A class representing the X.509 store context.
 
 
 .. py:data:: PKeyType
@@ -230,6 +240,18 @@
     .. versionadded:: 0.11
 
 
+.. py:function:: verify_cert(store_ctx)
+
+    Verify a certificate in a context.
+
+    A :py:class:`X509StoreContext` is used to verify a certificate in some
+    context in conjunction with :py:func:`verify_cert`. The information
+    encapsulated in this object includes, but is not limited to, a set of
+    trusted certificates, verification parameters and revoked certificates.
+
+    .. versionadded:: 0.15
+
+
 .. _openssl-x509:
 
 X509 objects