Some policies require to include the complete chain up to the trusted root CA.
Currently there is a stub method policy.calculate_certificateS but no concrete implementation.
Bascially, I see two options:
Load certificates (in order) into a certs list
Include Regexps to separate a cert chain file by --- BEGIN CERTIFICATE --- and the like.
The latter would require some plumbing in order to be able to load the certificates and hide the cryptography interface. I don't favor this idea too much.
The former would preserve the pure cryptography interface.
@etobella Is there any use case or argument why the latter should be favored? - Are you ok with me going for a cert list implementation in?
Some policies require to include the complete chain up to the trusted root CA. Currently there is a stub method
policy.calculate_certificateSbut no concrete implementation.Bascially, I see two options:
--- BEGIN CERTIFICATE ---and the like.The latter would require some plumbing in order to be able to load the certificates and hide the
cryptographyinterface. I don't favor this idea too much.The former would preserve the pure
cryptographyinterface.@etobella Is there any use case or argument why the latter should be favored? - Are you ok with me going for a cert list implementation in?