def load_or_create_crl(crl_file, ca_crt, pkey):
    """Return the CRL stored at *crl_file*, creating it when it is missing.

    If *crl_file* exists it is parsed as a PEM-encoded X.509 CRL and
    returned. Otherwise a CRL with no revoked entries is built, signed
    with SHA-256, written to *crl_file* as PEM, and returned.

    Args:
        crl_file: Path of the PEM CRL file to read or create.
        ca_crt: CA certificate; its ``subject`` becomes the CRL issuer name.
        pkey: Private key used to sign a newly created CRL.

    Returns:
        The loaded or newly signed CRL object.
    """
    if os.path.isfile(crl_file):
        with open(crl_file, 'rb') as crl_in:
            pem_bytes = crl_in.read()
        # NOTE(review): the CRL read from disk is returned as parsed; this
        # function does not check its issuer or signature against ca_crt.
        # Callers that need that assurance must verify it themselves.
        return x509.load_pem_x509_crl(
            data=pem_bytes,
            backend=default_backend()
        )

    builder = x509.CertificateRevocationListBuilder()
    builder = builder.issuer_name(ca_crt.subject)
    builder = builder.last_update(datetime.datetime.utcnow())
    # NOTE(review): next_update is about ten years after creation, so the
    # CRL itself does not signal staleness for that long. Confirm this
    # matches the intended revocation publishing schedule.
    validity = datetime.timedelta(days=365 * 10)
    builder = builder.next_update(datetime.datetime.utcnow() + validity)
    crl = builder.sign(
        private_key=pkey,
        algorithm=hashes.SHA256(),
        backend=default_backend()
    )

    # Persist the new CRL so that later calls load it instead of re-signing.
    pem_out = crl.public_bytes(encoding=serialization.Encoding.PEM)
    with open(crl_file, 'wb') as crl_out:
        crl_out.write(pem_out)
    return crl