CertificateList (CRL)
CertificateList represents an RFC 5280 Certificate Revocation List.
Construction
```python
CertificateList.from_der(data: bytes) -> CertificateList
CertificateList.from_pem(data: bytes) -> CertificateList | list[CertificateList]
CertificateList.to_pem(crl_or_list) -> bytes
```
Properties
| Property | Type | Description |
|---|---|---|
| `version` | `int \| None` | CRL version (1 = v2); None implies v1 (RFC 5280 §5.1.2.1) |
| `issuer` | `str` | RFC 4514 DN string |
| `issuer_raw_der` | `bytes` | Raw DER of issuer Name SEQUENCE |
| `this_update` | `str` | thisUpdate time as string |
| `next_update` | `str \| None` | nextUpdate time as string, or None if absent |
| `signature_algorithm` | `str` | Algorithm name or dotted OID |
| `signature_algorithm_oid` | `ObjectIdentifier` | |
| `signature_value` | `bytes` | Raw signature bytes |
| `crl_number` | `int \| None` | CRL sequence number from cRLNumber extension (OID 2.5.29.20), or None |
| `revoked_count` | `int` | Number of revoked certificate entries |
Methods
| Method | Signature | Returns | Description |
|---|---|---|---|
| `to_der()` | `()` | `bytes` | Original DER bytes |
| `get_extension_value_der` | `(oid: str \| ObjectIdentifier)` | `bytes \| None` | Return the extnValue bytes of the named CRL extension, or None if absent. |
| `verify_issued_by` | `(issuer: Certificate)` | `None` | Verify that this CRL was signed by issuer. Checks issuer Name match then signature. Raises ValueError on mismatch or invalid signature. |
Full class stub
```python
class CertificateList:
    @staticmethod
    def from_der(data: bytes) -> CertificateList: ...
    @staticmethod
    def from_pem(data: bytes) -> CertificateList | list[CertificateList]: ...
    @staticmethod
    def to_pem(crl_or_list) -> bytes: ...

    version: int | None
    issuer: str
    issuer_raw_der: bytes
    this_update: str
    next_update: str | None
    signature_algorithm: str
    signature_algorithm_oid: ObjectIdentifier
    signature_value: bytes
    crl_number: int | None
    revoked_count: int

    def to_der(self) -> bytes: ...
    def get_extension_value_der(self, oid: str) -> bytes | None: ...
    def verify_issued_by(self, issuer: Certificate) -> None: ...
```
Usage
```python
import synta

# Parse a DER-encoded CRL
with open("ca.crl", "rb") as f:
    crl = synta.CertificateList.from_der(f.read())

# Access fields
print(crl.issuer)
print(crl.this_update)
print(crl.next_update)
print(f"Revoked entries: {crl.revoked_count}")
print(f"CRL number: {crl.crl_number}")

# Verify the CRL signature (issuer Name match, then signature check)
with open("ca.der", "rb") as f:
    ca_cert = synta.Certificate.from_der(f.read())
try:
    crl.verify_issued_by(ca_cert)
    print("CRL signature valid")
except ValueError as e:
    print(f"Invalid CRL: {e}")

# Read the CRL number extension (extnValue bytes, or None if absent)
crl_num_der = crl.get_extension_value_der("2.5.29.20")
```
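A valid signature does not show that a CRL is the newest one: an older, correctly signed CRL can be replayed to hide a later revocation. The following added example (not part of synta or its documentation) accepts a CRL only if `verify_issued_by` passes and its CRL number has not gone backwards. It assumes `get_extension_value_der` returns the DER INTEGER inside the extension's OCTET STRING; `decode_crl_number`, `accept_crl` and `StubCRL` are hypothetical names.

```python
from __future__ import annotations

CRL_NUMBER_OID = "2.5.29.20"  # cRLNumber extension OID, as documented above


def decode_crl_number(ext_der: bytes) -> int:
    """Decode the DER INTEGER carried in a cRLNumber extension (assumed layout)."""
    if len(ext_der) < 3 or ext_der[0] != 0x02:
        raise ValueError("cRLNumber is not a DER INTEGER")
    length = ext_der[1]
    # RFC 5280 limits cRLNumber to 20 octets, so a long-form length is never valid.
    if length & 0x80 or len(ext_der) != 2 + length:
        raise ValueError("bad cRLNumber length")
    body = ext_der[2:]
    if body[0] & 0x80:
        raise ValueError("cRLNumber must be non-negative")
    if length > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(body, "big")


def accept_crl(crl, issuer_cert, last_accepted: int | None) -> int:
    """Return the CRL number if the CRL is signed by issuer_cert and is not
    older than the last accepted CRL; raise ValueError otherwise."""
    crl.verify_issued_by(issuer_cert)  # ValueError on name or signature mismatch
    ext = crl.get_extension_value_der(CRL_NUMBER_OID)
    if ext is None:
        raise ValueError("CRL has no cRLNumber extension")
    number = decode_crl_number(ext)
    if crl.crl_number != number:
        raise ValueError("crl_number property disagrees with extension bytes")
    if last_accepted is not None and number < last_accepted:
        raise ValueError(f"rollback: CRL {number} is older than {last_accepted}")
    return number


class StubCRL:
    """Constructed stand-in exposing only the members used above (not synta code)."""

    def __init__(self, ext_der: bytes | None, crl_number: int | None, ok: bool = True):
        self._ext, self.crl_number, self._ok = ext_der, crl_number, ok

    def verify_issued_by(self, issuer) -> None:
        if not self._ok:
            raise ValueError("signature verification failed")

    def get_extension_value_der(self, oid: str) -> bytes | None:
        return self._ext if oid == CRL_NUMBER_OID else None
```

With the real library, pass a parsed `synta.CertificateList` and `synta.Certificate` instead of `StubCRL`, and persist the returned number per issuer as the next `last_accepted`.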
See also Certificate and OCSP.