Nice getter for CRLDistributionPoints? #12234
Comments
|
Given a certificate, you can get the CRLDP extension with https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Extensions.get_extension_for_class Then you'll have a https://cryptography.io/en/latest/x509/reference/#cryptography.x509.CRLDistributionPoints and you can access whatever attributes you need. |
alex
added
the
waiting-on-reporter
|
This issue has been waiting for a reporter response for 3 days. It will be auto-closed if no activity occurs in the next 5 days. |
|
Alex, that is my issue, the object as far as i see can only return me oid field, that i do not need, and i need a list of distribution points. Can you advise how can i get them? |
|
It is an iterable so you can iterate over it to get distribution points. |
|
Are you sure? |
|
You need to access the .value attribute to get the CDP value
…On Wed, Jan 8, 2025, 2:44 PM Oleg Andrianov ***@***.***> wrote:
Are you sure?
print (len(cdp))
^^^^^^^^
TypeError: object of type 'Extension' has no len()
print (cdp[0])
^^^
TypeError: 'Extension' object is not subscriptable
print (next(cdp))
^^^^^^^^^
TypeError: 'Extension' object is not an iterator
print (list(cdp))
^^^^^^^^^
TypeError: 'Extension' object is not iterable
—
Reply to this email directly, view it on GitHub
<#12234 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBG4BLUQUI7VLMYP7BT2JV5Z5AVCNFSM6AAAAABUS6Q5SWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNZYGQ4TGOJWGY>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
Oh, that value attribute was not int he documentation, so that confused me, So i am back to my original question: |
|
You can simplify this code a bit with But yes, your intuition is basically right: there's no guarantee that a CRL DP will have any particular structure, which means writing utilities to handle one use case need lots of different behaviors (what should happen if not all elements are URLs? Exception? Silently ignore? Does it need to handle relative names? Filter for different reasons?) For that reason, we generally prefer offering APIs with full generality, and then encourage users to write and publish their utilities that cover exactly their case cases. |
|
Yeah, but i wish the .value thing was better documented. Autocomplete offers only .oid as possible method for extension. |
|
We'd be delighted to get a PR to the docs making the `.value` attribute
more clear.
…On Wed, Jan 8, 2025 at 7:50 PM Oleg Andrianov ***@***.***> wrote:
Yeah, but i with the .value thing was better documented. Autocomplete
offers only .oid as possible method for extension.
—
Reply to this email directly, view it on GitHub
<#12234 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBE7LO6F3MLQZWUKHVT2JXBTXAVCNFSM6AAAAABUS6Q5SWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNZYHE3TCNZVGI>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
|
Yes, I would love to help, but I do not feel competent enough to do that. |
Hi, it appears there is no good and easy way to extract a CDP list from a certificate object (or it is not very well documented).
Would love to have this added to the Certificate Object or at least to the CRLDistributionPoints extention object.
This way i will be able to get a list of URIs to work with -get the CRLs, check connections, etc.
(Same goes for OCSP)
The text was updated successfully, but these errors were encountered: