Diff of autodoc.git/traditional_manual/chapter_21.html (580d29e9dcffa5c1a8683834ae8e2350574b8e20 » 153a9ea36a8038070c4604451095575196b55438)

autodoc.git/traditional_manual/chapter_21.html:47769: <dd class='body--doc'>This function allows self-signed certificates, and it doesn't check that names or extensions make sense. </dd></dl> <hr /> <dl class='group--doc'> <dt class='head--type'>Method verify_certificate_chain </dt> - <dd><code><code class='datatype'>mapping</code> verify_certificate_chain(<code class='datatype'>array</code>(<code class='datatype'>string</code>|<code class='object unresolved'>.PKCS.Signature.Signed</code>) <code class='argument'>cert_chain</code>, <code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='object unresolved'>Verifier</code>|<code class='datatype'>array</code>(<code class='object unresolved'>Verifier</code>)) <code class='argument'>authorities</code>, <code class='datatype'>int</code>|<code class='datatype'>void</code> <code class='argument'>require_trust</code>, <code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='datatype'>mixed</code>)|<code class='datatype'>void</code> <code class='argument'>options</code>)</code></dd> + <dd><code><code class='datatype'>mapping</code> verify_certificate_chain(<code class='datatype'>array</code>(<code class='datatype'>string</code>|<code class='object unresolved'>.PKCS.Signature.Signed</code>) <code class='argument'>cert_chain</code>, <code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='object unresolved'>Verifier</code>|<code class='datatype'>array</code>(<code class='object unresolved'>Verifier</code>)) <code class='argument'>authorities</code>, <code class='datatype'>int</code>|<code class='datatype'>void</code> <code class='argument'>require_trust</code>, <code class='datatype'>mapping</code>(<code class='datatype'>string</code>:<code class='datatype'>mixed</code>)|<code class='object unresolved'>bool</code>|<code class='datatype'>void</code> <code class='argument'>options</code>)</code></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'>Decodes a certificate chain, ordered from leaf to root, and checks the signatures. Verifies that the chain can be decoded correctly, is unbroken, and that all certificates are in effect (time-wise.) and allowed to sign its child certificate. No verifications are done on the leaf certificate to determine what it can and can not be used for. Returns a mapping with the following contents, depending on the verification of the certificate chain:
autodoc.git/traditional_manual/chapter_21.html:47813: certificate should be a DER-encoded certificate, or decoded as a <code>Standards.PKCS.Signature.Signed</code> object. </dd> <dt class='head--doc'>Parameter <code class='parameter'>authorities</code></dt> <dd></dd><dd class='body--doc'>A mapping from (DER-encoded) names to verifiers. </dd> <dt class='head--doc'>Parameter <code class='parameter'>require_trust</code></dt> <dd></dd><dd class='body--doc'>Require that the certificate be traced to an authority, even if it is self signed. </dd> + <dt class='head--doc'>Parameter <code class='parameter'>strict</code></dt> + <dd></dd><dd class='body--doc'>By default this function only requires that the certificates are + in order, it ignores extra certificates we didn't need to verify + the leaf certificate. + If you specify <code>strict</code>, this will change, each certificate has + to be signed by the next in the chain. + Some https-servers send extraneous intermediate certificates + that aren't used to validate the leaf certificate. So strict + mode will be incompatible with such srevers. + </dd> <dt class='head--doc'>Parameter <code class='parameter'>options</code></dt> <dd></dd><dd class='body--doc'><table class='box'><tr><td><code><code class='key'>"verifier_algorithms"</code> : <code class='datatype'>mapping</code>(<code class='object unresolved'>Standards.ASN1.Types.Identifier</code>:<code class='object unresolved'>Crypto.Hash</code>)</code></td><td>A mapping of verifier algorithm identifier to hash algorithm implementation. </td></tr> - + <tr><td><code><code class='key'>"strict"</code> : <code class='datatype'>int</code></code></td><td>See <code>strict</code> above. + </td></tr> </table> </dd> <dt class='head--doc'>See also</dt> <dd class='body--doc'><code>get_algorithms()</code> See <code>Standards.PKCS.Certificate.get_dn_string</code> for converting the RDN to an X500 style string. </dd></dl> <dl><dt><h2 class='header'>Enum Standards.X509.CertFailure</h2> </dt><dd>
autodoc.git/traditional_manual/chapter_21.html:47993: <dl class='group--doc'> <dt class='head--type'>Variable der </dt> <dd><code><code class='datatype'>void</code> Standards.X509.TBSCertificate.der</code></dd> </dl> <hr /> <dl class='group--doc'> + <dt class='head--type'>Method + dn_str + </dt> + <dd><code><code class='datatype'>string</code> dn_str(<code class='object unresolved'>Sequence</code> <code class='argument'>dn</code>)</code></dd> + + <dt class='head--doc'>Description</dt> + <dd class='body--doc'>Try to extract a readable name from <code>dn</code>. This is one of + commonName, organizationName or organizationUnitName. The first + that is found is returned. Suitable for subjects and issuer + sequences. + </dd></dl> + + + <hr /> + <dl class='group--doc'> <dt class='head--type'>Variable ext_authorityKeyIdentifier </dt> <dd><code><code class='datatype'>bool</code> Standards.X509.TBSCertificate.ext_authorityKeyIdentifier</code></dd> <dt class='head--doc'>Description</dt> <dd class='body--doc'>Set if the certificate contains a valid authorityKeyIdentifier extension. <a href='http://pike.lysator.liu.se/rfc3280.xml#4.2.1.1'>RFC 3280 section 4.2.1.1</a>. </dd></dl>
autodoc.git/traditional_manual/chapter_21.html:48218: </dt> <dd><code><code class='datatype'>void</code> Standards.X509.TBSCertificate.issuer_id</code></dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'>optional </dd></dl> <hr /> <dl class='group--doc'> + <dt class='head--type'>Method + issuer_str + </dt> + <dd><code><code class='datatype'>string</code> issuer_str()</code></dd> + + <dt class='head--doc'>Description</dt> + <dd class='body--doc'>Return the issuer of the certificate as a human readable string. + Mainly useful for debug. + </dd></dl> + + + <hr /> + <dl class='group--doc'> <dt class='head--type'>Variable keyinfo </dt> <dd><code><code class='datatype'>void</code> Standards.X509.TBSCertificate.keyinfo</code></dd> </dl> <hr /> <dl class='group--doc'> <dt class='head--type'>Method
autodoc.git/traditional_manual/chapter_21.html:48315: </dt> <dd><code><code class='datatype'>void</code> Standards.X509.TBSCertificate.subject_id</code></dd> <dt class='head--doc'>Note</dt> <dd class='body--doc'>optional </dd></dl> <hr /> <dl class='group--doc'> + <dt class='head--type'>Method + subject_str + </dt> + <dd><code><code class='datatype'>string</code> subject_str()</code></dd> + + <dt class='head--doc'>Description</dt> + <dd class='body--doc'>Attempt to create a presentable string from the subject DER. + </dd></dl> + + + <hr /> + <dl class='group--doc'> <dt class='head--type'>Variable validity </dt> <dd><code><code class='datatype'>void</code> Standards.X509.TBSCertificate.validity</code></dd> </dl> <hr /> <dl class='group--doc'> <dt class='head--type'>Variable

autodoc.git / traditional_manual / chapter_21.html