Expose some CRL attributes (#181)

[carletes]

This pull request addresses #181, exposing some useful attributes of CRL objects:

• Issuer
• Last Update
• Next Update
• CRL extensions

[coveralls]

Coverage increased (+0.18%) to 95.21% when pulling e6d1856 on carletes:expose-crl-params into 410b6d3 on pyca:master.

[coveralls]

Coverage increased (+0.18%) to 95.21% when pulling e6d1856 on carletes:expose-crl-params into 410b6d3 on pyca:master.

[coveralls]

Coverage increased (+0.18%) to 95.21% when pulling e6d1856 on carletes:expose-crl-params into 410b6d3 on pyca:master.

[coveralls]

Coverage increased (+0.18%) to 95.21% when pulling e6d1856 on carletes:expose-crl-params into 410b6d3 on pyca:master.

[coveralls]

Coverage increased (+0.18%) to 95.21% when pulling 136cd1f on carletes:expose-crl-params into 410b6d3 on pyca:master.

[sholsapp]

Setting some of these attributes available in #281

[hynek]

Since I’m woefully uninformed about CRLs, I would like @reaperhulk to comment on this.

[braingu-gil]

Is there an update on the status of this pull request? This feature would be extremely useful for anyone using CRLs.

[hynek]

First of all, please accept my sincere apologies for this PR not moving along as we’d like to. I’ve tried to come up with a long-term solution to the general x509 problem domain and would also welcome your feedback to this thread:

https://mail.python.org/pipermail/cryptography-dev/2015-December/000539.html

(please note that there’s already responses: https://mail.python.org/pipermail/cryptography-dev/2015-December/thread.html https://mail.python.org/pipermail/cryptography-dev/2016-January/thread.html ).

I really hope this could be a way to loosen the guardian knot that the pyOpenSSL’s x509 layer currently presents to us maintainers and lightens the frustrations for contributors like you.

[carletes]

@hynek: No apologies needed! Except for mine, for taking this long to answer, that is.

I understand from @glyph's https://mail.python.org/pipermail/cryptography-dev/2015-December/000542.html and the other messages that pyOpenSSL should be eventually be deprecated, and we should all be using Cryptography. Is that correct?

I'm fine with this, and I can already do that for my code (in fact I submitted this pull request because I was not aware of this). If my understanding is correct, I'm happy to close this pull request and switch to Cryptography entirely. What's your advice?

And thanks a lot for taking the burden of maintaining pyOpenSSL, by the way!

[glyph]

@carletes My personal opinion; pyOpenSSL is still definitely maintained, but if you can switch over to purely using Cryptography's X509 stuff, without using pyOpenSSL at all, you probably should. If you are implementing TLS, pyOpenSSL is still probably a better way to go for now.

[gitaped]

What is the status of this PR? I find this feature extremely useful

[reaperhulk]

Our general policy at this point is that if it's possible to do in cryptography developers should do it there (where we have more modern APIs and a more active community). Since this is possible to do in cryptography (you can even convert to a cryptography CRL object by using to_cryptography on your existing pyOpenSSL CRL object) I'm going to go ahead and close this PR.