diff options
author | Stephen Holsapple <sholsapp@gmail.com> | 2014-08-27 19:36:53 -0700 |
---|---|---|
committer | Stephen Holsapple <sholsapp@gmail.com> | 2015-01-30 17:49:34 -0800 |
commit | 0d9815fb0a1b24b59f0329e8d623f4a34239399a (patch) | |
tree | a2e8fa6fee03915019bd77780c7fc6648dcf009d /doc | |
parent | 496f40dca9a47c0f1dfe0cd841256485708c8442 (diff) | |
download | pyopenssl-0d9815fb0a1b24b59f0329e8d623f4a34239399a.tar.gz |
Add OpenSSL.crypto.verify_chain method.
This change adds support for verifying a certificate or a certificate
chain. This implementation uses OpenSSL's underlying X509_STORE_CTX_*
class of functions to accomplish this.
This change also adds an intermediate signing certificate/key and a
service certificate/key signed with the intermediate signing
certificate, to make testing the OpenSSL.crypto.verify_chain method
easier to test. I figured I would add it to the top level module so
other people can use an intermediate signing certificate in their own
tests.
Issue: https://github.com/pyca/pyopenssl/issues/154
Diffstat (limited to 'doc')
-rw-r--r-- | doc/api/crypto.rst | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/doc/api/crypto.rst b/doc/api/crypto.rst index b360e89..344fa40 100644 --- a/doc/api/crypto.rst +++ b/doc/api/crypto.rst @@ -42,7 +42,17 @@ .. py:data:: X509StoreType - A Python type object representing the X509Store object type. + See :py:class:`X509Store` + + +.. py:data X509Store + + A class representing the X.509 store. + + +.. py:data:: X509StoreContext + + A class representing the X.509 store context. .. py:data:: PKeyType @@ -230,6 +240,18 @@ .. versionadded:: 0.11 +.. py:function:: verify_cert(store_ctx) + + Verify a certificate in a context. + + A :py:class:`X509StoreContext` is used to verify a certificate in some + context in conjunction with :py:func:`verify_cert`. The information + encapsulated in this object includes, but is not limited to, a set of + trusted certificates, verification parameters and revoked certificates. + + .. versionadded:: 0.15 + + .. _openssl-x509: X509 objects |