ca: Enable CRLDistributionPoints extension in signed certificates.

This is fixed in latest cryptography module. Forgotten when cryptography minimal version was bumped to 2.1.1 .

ca: Enable CRLDistributionPoints extension in signed certificates.
This is fixed in latest cryptography module. Forgotten when cryptography minimal version was bumped to 2.1.1 .
20de8d07 · Vincent Pelletier · 59e8485a · 20de8d07
Commit 20de8d07 authored Nov 02, 2017 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 16 deletions

caucase/ca.py caucase/ca.py +14 -16

No files found.
--- a/caucase/ca.py
+++ b/caucase/ca.py
@@ -393,22 +393,20 @@ class CertificateAuthority(object):
        ),
      ],
    )
-# Note: disabled because of following IPv6 bug:
-# https://github.com/pyca/cryptography/issues/3863
-#    if self._crl_base_url:
-#      builder = builder.add_extension(
-#        x509.CRLDistributionPoints([
-#          x509.DistributionPoint(
-#            full_name=[
-#              x509.UniformResourceIdentifier(self._crl_base_url),
-#            ],
-#            relative_name=None,
-#            crl_issuer=None,
-#            reasons=None,
-#          ),
-#        ]),
-#        critical=False, # "SHOULD be non-critical"
-#      )
+    if self._crl_base_url:
+      builder = builder.add_extension(
+        x509.CRLDistributionPoints([
+          x509.DistributionPoint(
+            full_name=[
+              x509.UniformResourceIdentifier(self._crl_base_url),
+            ],
+            relative_name=None,
+            crl_issuer=None,
+            reasons=None,
+          ),
+        ]),
+        critical=False, # "SHOULD be non-critical"
+      )
    try:
      key_usage_extension = template_csr.extensions.get_extension_for_class(
        x509.KeyUsage,