atmenta
atmenta
The docstring of `context.ValidationContext` states that if the value of the `allow_fetching` parameter is `True` "and certificates contain the location of a CRL or OCSP responder, an HTTP request will...
If revocation mode is not "soft-fail", `URLError` and `socket.error` are reraised from `context.retrieve_crls`: https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/context.py#L467-L473 and from `context.retrieve_ocsps`: https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/context.py#L506-L512 Callers (`validate.verify_crl`, `validate.verify_ocsp_response`, and finally `validate._validate_path`) don't handle these errors, so they...
First of all, thank you for certvalidator! It makes an important task easy to complete in Python. :thumbsup: While I was experimenting with certificate revocation status checking I ran into...
The API documentation of `validate.validate_usage` and `validate.validate_tls` lists the following exceptions: https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/docs/api.md#L91-L94 When someone tries to catch and distinguish those exceptions, its important to know that both `RevokedError` and `InvalidCertificateError`...
`ocsp_client.fetch` returns the first successfully fetched OCSP response: https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/ocsp_client.py#L90-L107 This is the only response which is available for callers: `ValidationContext.retrieve_ocsps` and in turn `validate.verify_ocsp_response`. Processing of the response happens in...
When certvalidator fetches an OCSP response, but request and response nonces do not match `OCSPValidationError` is raised: https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/ocsp_client.py#L101-L103 However, this error is neither caught (and handled), nor documented. Note: Other...