allow me to set basicConstraints so I can set certificate chains #85

glyph · 2014-03-31T07:58:28Z

https://www.openssl.org/docs/apps/x509v3_config.html#Basic_Constraints_

I was trying to write a test case that verified a certificate chain "for real" and I noticed that there doesn't seem to be a way to set basicConstraints so that OpenSSL thinks an intermediate certificate is a valid CA.

The text was updated successfully, but these errors were encountered:

exarkun · 2014-03-31T11:47:29Z

You can do this with X509.add_extensions.

glyph · 2014-03-31T21:07:04Z

Do I have to synthesize my own ASN.1 string? I kinda want to use the "nice" way that OpenSSL lets you say, for example, "CA:true".

exarkun · 2014-03-31T21:12:18Z

X509Extension("basicConstraints", True, "CA:true")

glyph · 2014-03-31T21:17:22Z

Aha, I had found https://pythonhosted.org/pyOpenSSL/api/crypto.html#x509extension-objects but glossed over https://pythonhosted.org/pyOpenSSL/api/crypto.html#OpenSSL.crypto.X509Extension which is where the crucial "typename" string is documented. Thanks!

exarkun closed this as completed Mar 31, 2014

github-actions bot locked as resolved and limited conversation to collaborators Aug 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

allow me to set basicConstraints so I can set certificate chains #85

allow me to set basicConstraints so I can set certificate chains #85

glyph commented Mar 31, 2014

exarkun commented Mar 31, 2014

glyph commented Mar 31, 2014

exarkun commented Mar 31, 2014

glyph commented Mar 31, 2014

allow me to set basicConstraints so I can set certificate chains #85

allow me to set basicConstraints so I can set certificate chains #85

Comments

glyph commented Mar 31, 2014

exarkun commented Mar 31, 2014

glyph commented Mar 31, 2014

exarkun commented Mar 31, 2014

glyph commented Mar 31, 2014