i am a new user of pyOpenSSL,i want make a certicate with following code
from OpenSSL import crypto as c
cert = c.X509()
cert.add_extensions([
c.X509Extension('crlDistributionPoints', False, 'dirName:/C=US/O=TEST'),
])
this code can't work, can anyone help me?pyOpenSSL seems not support dirName
cert.add_extensions([
c.X509Extension('crlDistributionPoints', False, 'URI:http://somesite') can work
])
I had exactly the same problem, and, however I also couldn't find a real solution, I managed to have a sort of workaround to get it done via Python. In this page the formatting is explained http://openssl.org/docs/apps/x509v3_config.html#CRL-distribution-points and also a option to use raw DER bytes. (Section: ARBITRARY EXTENSIONS)
First 'collect' the DER bytes from a certificate which already have the correct URI and dirName. Alternative make a certificate with openssl with correct crlDistributionPoint, tmpcert in this example is this certificate. Also figure out which extension index is used. get_short_name will give the 'key' of the extension, so search for crlDistributionPoint. Collect it using:
And afterwards format this output and use it in the initialiser of X509Extension()
As one understands, this is quitte a 'hardcoded' solution, there is no straightforward way of altering the content of this field this way.