Merge "Add documentation about supported extensions"

2015-09-28 10:00:32 +00:00 · 2015-09-28 10:00:32 +00:00 · 7dee9a2a4c
parent 23377742a6 33ac1a09e2
commit 7dee9a2a4c
2 changed files with 33 additions and 0 deletions
--- a/doc/source/extensions.rst
+++ b/doc/source/extensions.rst
@ -0,0 +1,32 @@
+Extension support
+=================
+
+Extensions in Anchor are supported on 3 levels:
+
+* CSR parser (deciding what OIDs are recognised and the what is the interface
+  to extensions)
+* validators / fixups which operate on extensions
+* signing backends which operate on extensions
+
+Anchor needs to parse the extension to use it in a validator or a fixup. That's
+not the case of the signing backends however - external backends may add/update
+extensions according to their own configuration.
+
+Anchor can parse and analyse the following extensions:
+
+* Basic Constraints
+* Key Usage
+* Subject Alternative Name
+
+The following extensions are listed as required or preferred, but due to
+Anchor's main purpose (ephemeral certificates) they will be either ignored (if
+they're not critical), or will prevent signing (if they are):
+
+* Certificate Policies
+* Policy Mappings
+* Inhibit anyPolicy
+* CRL Distribution Points
+* Freshest CRL
+
+Other extensions will be added to the implementation when they're needed for
+validation / fixups.
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@ -14,6 +14,7 @@ Contents:

   configuration
   api
+   extensions
   signing_backends
   ephemeralPKI
   validators