CRLValidationError raised from validate.verify_crl is not handled

[atmenta]

When the certificate path of a CRL issuer could not be validated, validate.verify_crl raises a CRLValidationError:

https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L1380

On the other hand, code calling verify_crl handles only derived errors (CRLValidationIndeterminateError and CRLNoMatchesError), not CRLValidationError itself:

https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L400-L419

This way CRLValidationError may escape from certvalidator, which is probably not intentional and is not documented.

[wbond]

This is documented as something that the calling code should expect: https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L1170.

[atmenta]

This is documented as something that the calling code should expect:

https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L1170

Although it is documented in the docstring of validate.verify_crl, that is not part of the public interface of certvalidator. As far as I understand, the public interface to be used to validate a certificate are CertificateValidator's public methods: validate_usage and validate_tls. Since neither the :raises: section of their docstrings, nor the API documentation mentions CRLValidationError, that exception is practically undocumented from the end user point of view. The only way to discover that error is investigating the source code and inner logic of certvalidator...