Hi all, WIth the recent changes made to enable CRL in verify context objects (see here https://github.com/pyca/pyopenssl/pull/483) I would like to know some further functionality. In particular, if this API supports CRL chaining and/or CRL concatenation. Would a CRL need to contain a full chain of issuing intermediate CA's and the issuing root CA? Also when we create an X509Store object we add the certificate in question using add_cert() but when we use it to verify in the X509StoreContext, must we use the same certificate? It seems slightly confusing given the lack of documentation. I am basing most of my assumptions on the unit tests that were merged in.
Regards, Ansley
_______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
