Closed atmenta closed 4 years ago
This is documented as something that the calling code should expect: https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L1170.
This is documented as something that the calling code should expect:
Although it is documented in the docstring of validate.verify_crl
, that is not part of the public interface of certvalidator. As far as I understand, the public interface to be used to validate a certificate are CertificateValidator
's public methods: validate_usage
and validate_tls
. Since neither the :raises:
section of their docstrings, nor the API documentation mentions CRLValidationError
, that exception is practically undocumented from the end user point of view. The only way to discover that error is investigating the source code and inner logic of certvalidator...
When the certificate path of a CRL issuer could not be validated,
validate.verify_crl
raises aCRLValidationError
:https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L1380
On the other hand, code calling
verify_crl
handles only derived errors (CRLValidationIndeterminateError
andCRLNoMatchesError
), notCRLValidationError
itself:https://github.com/wbond/certvalidator/blob/5bc5c390c1955195507c23db91b8926bb03f7385/certvalidator/validate.py#L400-L419
This way
CRLValidationError
may escape from certvalidator, which is probably not intentional and is not documented.