Commit 20de8d07 authored by Vincent Pelletier's avatar Vincent Pelletier

ca: Enable CRLDistributionPoints extension in signed certificates.

This is fixed in the latest cryptography module.
Re-enabling the extension was forgotten when the minimal cryptography version was bumped to 2.1.1.
parent 59e8485a
......@@ -393,22 +393,20 @@ class CertificateAuthority(object):
),
],
)
# Note: disabled because of following IPv6 bug:
# https://github.com/pyca/cryptography/issues/3863
# if self._crl_base_url:
# builder = builder.add_extension(
# x509.CRLDistributionPoints([
# x509.DistributionPoint(
# full_name=[
# x509.UniformResourceIdentifier(self._crl_base_url),
# ],
# relative_name=None,
# crl_issuer=None,
# reasons=None,
# ),
# ]),
# critical=False, # "SHOULD be non-critical"
# )
if self._crl_base_url:
builder = builder.add_extension(
x509.CRLDistributionPoints([
x509.DistributionPoint(
full_name=[
x509.UniformResourceIdentifier(self._crl_base_url),
],
relative_name=None,
crl_issuer=None,
reasons=None,
),
]),
critical=False, # "SHOULD be non-critical"
)
try:
key_usage_extension = template_csr.extensions.get_extension_for_class(
x509.KeyUsage,
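Review bot: The re-enabled `if self._crl_base_url:` block drops the old comment and leaves no record of the constraint it described, so nothing at this site says that IPv6-literal CRL URLs depend on a cryptography release containing the fix for pyca/cryptography issue 3863. I would add a short comment above the block, e.g. `# IPv6-literal URLs need a cryptography release with the fix for pyca/cryptography issue 3863`. If the test suite does not already have one, a signing test with an IPv6-literal base URL would make a dependency downgrade fail in CI rather than at issuance time. The same comment should note that the URL is copied verbatim into every certificate for its whole lifetime, and that certificates issued while this block was disabled carry no distribution point, so relying parties that locate the CRL only through the extension will presumably not check revocation for them until they are renewed. The enclosing method starts and ends outside the hunk.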
......