RubyGems - r509 - Versions diffs - 0.8.1 → 0.9 - Mend

r509 0.8.1 → 0.9

Files changed (203) hide show

data/README.md +343 -151
data/Rakefile +26 -23
data/bin/r509 +126 -112
data/bin/r509-parse +24 -24
data/doc/R509.html +169 -7
data/doc/R509/ASN1.html +370 -0
data/doc/R509/ASN1/GeneralName.html +1121 -0
data/doc/R509/ASN1/GeneralNames.html +843 -0
data/doc/R509/ASN1/NoticeReference.html +392 -0
data/doc/R509/ASN1/PolicyInformation.html +387 -0
data/doc/R509/ASN1/PolicyQualifiers.html +455 -0
data/doc/R509/ASN1/UserNotice.html +386 -0
data/doc/R509/{Crl.html → CRL.html} +7 -7
data/doc/R509/CRL/Administrator.html +1559 -0
data/doc/R509/{Crl/Parser.html → CRL/SignedList.html} +501 -210
data/doc/R509/{Csr.html → CSR.html} +444 -314
data/doc/R509/Cert.html +866 -617
data/doc/R509/Cert/Extensions.html +52 -41
data/doc/R509/Cert/Extensions/AuthorityInfoAccess.html +70 -35
data/doc/R509/Cert/Extensions/AuthorityKeyIdentifier.html +387 -4
data/doc/R509/Cert/Extensions/BasicConstraints.html +61 -25
data/doc/R509/Cert/Extensions/CRLDistributionPoints.html +354 -0
data/doc/R509/Cert/Extensions/CertificatePolicies.html +340 -0
data/doc/R509/Cert/Extensions/ExtendedKeyUsage.html +440 -49
data/doc/R509/Cert/Extensions/{CrlDistributionPoints.html → InhibitAnyPolicy.html} +52 -35
data/doc/R509/Cert/Extensions/KeyUsage.html +247 -121
data/doc/R509/Cert/Extensions/NameConstraints.html +445 -0
data/doc/R509/Cert/Extensions/OCSPNoCheck.html +239 -0
data/doc/R509/Cert/Extensions/PolicyConstraints.html +424 -0
data/doc/R509/Cert/Extensions/SubjectAlternativeName.html +437 -62
data/doc/R509/Cert/Extensions/SubjectKeyIdentifier.html +52 -10
data/doc/R509/CertificateAuthority.html +4 -4
data/doc/R509/CertificateAuthority/Signer.html +154 -187
data/doc/R509/Config.html +6 -6
data/doc/R509/Config/{CaConfig.html → CAConfig.html} +451 -348
data/doc/R509/Config/{CaConfigPool.html → CAConfigPool.html} +47 -47
data/doc/R509/Config/CAProfile.html +1015 -0
data/doc/R509/Config/SubjectItemPolicy.html +86 -86
data/doc/R509/IOHelpers.html +22 -22
data/doc/R509/MessageDigest.html +14 -14
data/doc/R509/NameSanitizer.html +53 -53
data/doc/R509/{Ocsp.html → OCSP.html} +9 -9
data/doc/R509/{Ocsp → OCSP}/Request.html +7 -7
data/doc/R509/{Ocsp → OCSP}/Request/Nonce.html +56 -11
data/doc/R509/{Ocsp → OCSP}/Response.html +44 -44
data/doc/R509/{OidMapper.html → OIDMapper.html} +23 -39
data/doc/R509/PrivateKey.html +415 -168
data/doc/R509/R509Error.html +3 -3
data/doc/R509/{Spki.html → SPKI.html} +354 -192
data/doc/R509/Subject.html +224 -113
data/doc/R509/Validity.html +27 -5
data/doc/R509/Validity/Checker.html +13 -13
data/doc/R509/Validity/DefaultChecker.html +13 -13
data/doc/R509/Validity/DefaultWriter.html +14 -14
data/doc/R509/Validity/Status.html +39 -39
data/doc/R509/Validity/Writer.html +18 -18
data/doc/_index.html +138 -35
data/doc/class_list.html +1 -1
data/doc/css/style.css +10 -0
data/doc/file.README.html +368 -171
data/doc/file.r509.html +92 -69
data/doc/frames.html +1 -1
data/doc/index.html +368 -171
data/doc/method_list.html +910 -390
data/doc/top-level-namespace.html +3 -3
data/lib/r509.rb +32 -16
data/lib/r509/asn1.rb +375 -0
data/lib/r509/cert.rb +381 -364
data/lib/r509/cert/extensions.rb +443 -76
data/lib/r509/certificate_authority.rb +407 -0
data/lib/r509/config.rb +547 -351
data/lib/r509/crl.rb +336 -366
data/lib/r509/csr.rb +278 -289
data/lib/r509/ec-hack.rb +37 -0
data/lib/r509/exceptions.rb +3 -3
data/lib/r509/io_helpers.rb +44 -44
data/lib/r509/message_digest.rb +53 -0
data/lib/r509/ocsp.rb +80 -70
data/lib/r509/oid_mapper.rb +32 -0
data/lib/r509/private_key.rb +228 -0
data/lib/r509/spki.rb +145 -93
data/lib/r509/subject.rb +203 -110
data/lib/r509/validity.rb +70 -68
data/lib/r509/version.rb +2 -2
data/r509.yaml +92 -69
data/spec/asn1_spec.rb +402 -0
data/spec/cert/extensions_spec.rb +957 -494
data/spec/cert_spec.rb +382 -307
data/spec/certificate_authority_spec.rb +668 -250
data/spec/config_spec.rb +515 -302
data/spec/crl_spec.rb +197 -198
data/spec/csr_spec.rb +334 -289
data/spec/fixtures.rb +247 -171
data/spec/fixtures/cert1.der +0 -0
data/spec/fixtures/cert1.pem +0 -0
data/spec/fixtures/cert1_public_key_modulus.txt +0 -0
data/spec/fixtures/cert3.p12 +0 -0
data/spec/fixtures/cert3.pem +0 -0
data/spec/fixtures/cert3_key.pem +0 -0
data/spec/fixtures/cert3_key_des3.pem +0 -0
data/spec/fixtures/cert4.pem +0 -0
data/spec/fixtures/cert5.pem +0 -0
data/spec/fixtures/cert6.pem +0 -0
data/spec/fixtures/cert_expired.pem +0 -0
data/spec/fixtures/cert_inhibit.pem +24 -0
data/spec/fixtures/cert_name_constraints.pem +29 -0
data/spec/fixtures/cert_not_yet_valid.pem +0 -0
data/spec/fixtures/cert_ocsp_no_check.pem +18 -0
data/spec/fixtures/cert_policy_constraints.pem +31 -0
data/spec/fixtures/cert_san.pem +0 -0
data/spec/fixtures/cert_san2.pem +0 -0
data/spec/fixtures/cert_unknown_extension.pem +28 -0
data/spec/fixtures/config_pool_test_minimal.yaml +11 -11
data/spec/fixtures/config_test.yaml +54 -36
data/spec/fixtures/config_test_dsa.yaml +35 -0
data/spec/fixtures/config_test_ec.yaml +35 -0
data/spec/fixtures/config_test_engine_key.yaml +5 -5
data/spec/fixtures/config_test_engine_no_key_name.yaml +4 -4
data/spec/fixtures/config_test_minimal.yaml +4 -4
data/spec/fixtures/config_test_password.yaml +5 -5
data/spec/fixtures/config_test_various.yaml +111 -74
data/spec/fixtures/crl_list_file.txt +0 -0
data/spec/fixtures/crl_with_reason.pem +0 -0
data/spec/fixtures/csr1.der +0 -0
data/spec/fixtures/csr1.pem +0 -0
data/spec/fixtures/csr1_key.der +0 -0
data/spec/fixtures/csr1_key.pem +0 -0
data/spec/fixtures/csr1_key_encrypted_des3.pem +0 -0
data/spec/fixtures/csr1_newlines.pem +0 -0
data/spec/fixtures/csr1_no_begin_end.pem +0 -0
data/spec/fixtures/csr1_public_key_modulus.txt +0 -0
data/spec/fixtures/csr2.pem +0 -0
data/spec/fixtures/csr2_key.pem +0 -0
data/spec/fixtures/csr3.pem +0 -0
data/spec/fixtures/csr4.pem +0 -0
data/spec/fixtures/csr_dsa.pem +0 -0
data/spec/fixtures/csr_invalid_signature.pem +0 -0
data/spec/fixtures/dsa_key.pem +0 -0
data/spec/fixtures/dsa_root.cer +28 -0
data/spec/fixtures/dsa_root.key +20 -0
data/spec/fixtures/ec_csr2.der +0 -0
data/spec/fixtures/ec_csr2.pem +8 -0
data/spec/fixtures/ec_key1.der +0 -0
data/spec/fixtures/ec_key1.pem +6 -0
data/spec/fixtures/ec_key1_encrypted.pem +9 -0
data/spec/fixtures/ec_key2.pem +6 -0
data/spec/fixtures/hmacsha1.sig +1 -0
data/spec/fixtures/hmacsha512.sig +1 -0
data/spec/fixtures/key4.pem +0 -0
data/spec/fixtures/key4_encrypted_des3.pem +0 -0
data/spec/fixtures/missing_key_identifier_ca.cer +0 -0
data/spec/fixtures/missing_key_identifier_ca.key +0 -0
data/spec/fixtures/ocsptest.r509.local.pem +0 -0
data/spec/fixtures/ocsptest.r509.local_ocsp_request.der +0 -0
data/spec/fixtures/ocsptest2.r509.local.pem +0 -0
data/spec/fixtures/second_ca.cer +0 -0
data/spec/fixtures/second_ca.key +0 -0
data/spec/fixtures/spkac.der +0 -0
data/spec/fixtures/spkac.txt +0 -0
data/spec/fixtures/spkac_dsa.txt +1 -1
data/spec/fixtures/spkac_dsa_no_verify.txt +1 -0
data/spec/fixtures/spkac_ec.txt +1 -0
data/spec/fixtures/spkac_rsa_newlines.txt +13 -0
data/spec/fixtures/stca.pem +0 -0
data/spec/fixtures/stca_ocsp_request.der +0 -0
data/spec/fixtures/stca_ocsp_response.der +0 -0
data/spec/fixtures/test1.csr +0 -0
data/spec/fixtures/test_ca.cer +0 -0
data/spec/fixtures/test_ca.key +0 -0
data/spec/fixtures/test_ca.p12 +0 -0
data/spec/fixtures/test_ca_des3.key +0 -0
data/spec/fixtures/test_ca_ec.cer +14 -0
data/spec/fixtures/test_ca_ec.key +6 -0
data/spec/fixtures/test_ca_ec_ee.cer +22 -0
data/spec/fixtures/test_ca_ec_ee.key +6 -0
data/spec/fixtures/test_ca_ocsp.cer +0 -0
data/spec/fixtures/test_ca_ocsp.key +0 -0
data/spec/fixtures/test_ca_ocsp.p12 +0 -0
data/spec/fixtures/test_ca_ocsp_chain.txt +0 -0
data/spec/fixtures/test_ca_ocsp_response.der +0 -0
data/spec/fixtures/test_ca_subroot.cer +0 -0
data/spec/fixtures/test_ca_subroot.key +0 -0
data/spec/fixtures/test_ca_subroot_ocsp.cer +0 -0
data/spec/fixtures/test_ca_subroot_ocsp.key +0 -0
data/spec/fixtures/test_ca_subroot_ocsp_response.der +0 -0
data/spec/fixtures/unknown_oid.csr +0 -0
data/spec/message_digest_spec.rb +104 -84
data/spec/ocsp_spec.rb +105 -105
data/spec/oid_mapper_spec.rb +21 -21
data/spec/private_key_spec.rb +275 -0
data/spec/r509_spec.rb +35 -0
data/spec/spec_helper.rb +15 -6
data/spec/spki_spec.rb +221 -142
data/spec/subject_spec.rb +232 -164
data/spec/validity_spec.rb +91 -91
metadata +79 -25
data/doc/R509/Config/CaProfile.html +0 -651
data/doc/R509/Crl/Administrator.html +0 -2073
data/lib/r509/certificateauthority.rb +0 -290
data/lib/r509/messagedigest.rb +0 -49
data/lib/r509/oidmapper.rb +0 -32
data/lib/r509/privatekey.rb +0 -185
data/spec/privatekey_spec.rb +0 -198

data/doc/R509/Cert.html CHANGED Viewed

@@ -6,7 +6,7 @@
 <title>
   Class: R509::Cert
-    &mdash; Documentation by YARD 0.8.2.1
+    &mdash; Documentation by YARD 0.8.5
 </title>
@@ -159,6 +159,35 @@
 <p>Returns the value of attribute cert.</p>
 </div></span>
+</li>
+      <li class="public ">
+  <span class="summary_signature">
+      <a href="#issuer-instance_method" title="#issuer (instance method)">- (Object) <strong>issuer</strong> </a>
+  </span>
+      <span class="note title readonly">readonly</span>
+    <span class="summary_desc"><div class='inline'>
+<p>Returns the value of attribute issuer.</p>
+</div></span>
 </li>
@@ -188,6 +217,35 @@
 <p>Returns the value of attribute key.</p>
 </div></span>
+</li>
+      <li class="public ">
+  <span class="summary_signature">
+      <a href="#subject-instance_method" title="#subject (instance method)">- (Object) <strong>subject</strong> </a>
+  </span>
+      <span class="note title readonly">readonly</span>
+    <span class="summary_desc"><div class='inline'>
+<p>Returns the value of attribute subject.</p>
+</div></span>
 </li>
@@ -240,10 +298,36 @@
         <li class="public ">
   <span class="summary_signature">
+      <a href="#all_names-instance_method" title="#all_names (instance method)">- (Array) <strong>all_names</strong> </a>
+  </span>
+    <span class="summary_desc"><div class='inline'>
+<p>Return the CN, as well as all the subject alternative names (SANs).</p>
+</div></span>
+</li>
+        <li class="public ">
+  <span class="summary_signature">
       <a href="#authority_info_access-instance_method" title="#authority_info_access (instance method)">- (R509::Cert::Extensions::AuthorityInfoAccess) <strong>authority_info_access</strong> </a>
+      (also: #aia)
   </span>
@@ -337,7 +421,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#crl_distribution_points-instance_method" title="#crl_distribution_points (instance method)">- (R509::Cert::Extensions::CrlDistributionPoints) <strong>crl_distribution_points</strong> </a>
+      <a href="#certificate_policies-instance_method" title="#certificate_policies (instance method)">- (R509::Cert::Extensions::CertificatePolicies) <strong>certificate_policies</strong> </a>
@@ -352,7 +436,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's CrlDistributionPoints extension as an R509 extension.</p>
+<p>Returns this object's CertificatePolicies extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -361,10 +445,12 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#dsa%3F-instance_method" title="#dsa? (instance method)">- (Boolean) <strong>dsa?</strong> </a>
+      <a href="#crl_distribution_points-instance_method" title="#crl_distribution_points (instance method)">- (R509::Cert::Extensions::CRLDistributionPoints) <strong>crl_distribution_points</strong> </a>
+      (also: #cdp)
   </span>
@@ -376,7 +462,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns whether the public key is DSA.</p>
+<p>Returns this object's CRLDistributionPoints extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -385,7 +471,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#extended_key_usage-instance_method" title="#extended_key_usage (instance method)">- (R509::Cert::Extensions::ExtendedKeyUsage) <strong>extended_key_usage</strong> </a>
+      <a href="#curve_name-instance_method" title="#curve_name (instance method)">- (String) <strong>curve_name</strong> </a>
@@ -400,7 +486,8 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's ExtendedKeyUsage extension as an R509 extension.</p>
+<p>Returns the short name of the elliptic curve used to generate the public
+key if the key is EC.</p>
 </div></span>
 </li>
@@ -409,7 +496,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#extensions-instance_method" title="#extensions (instance method)">- (Array) <strong>extensions</strong> </a>
+      <a href="#dsa%3F-instance_method" title="#dsa? (instance method)">- (Boolean) <strong>dsa?</strong> </a>
@@ -424,7 +511,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Return the certificate extensions.</p>
+<p>Returns whether the public key is DSA.</p>
 </div></span>
 </li>
@@ -433,7 +520,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#fingerprint-instance_method" title="#fingerprint (instance method)">- (String) <strong>fingerprint</strong>(algorithm = 'sha1') </a>
+      <a href="#ec%3F-instance_method" title="#ec? (instance method)">- (Boolean) <strong>ec?</strong> </a>
@@ -448,8 +535,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the certificate fingerprint with the specified algorithm (default
-sha1).</p>
+<p>Returns whether the public key is EC.</p>
 </div></span>
 </li>
@@ -458,10 +544,12 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#has_private_key%3F-instance_method" title="#has_private_key? (instance method)">- (Boolean) <strong>has_private_key?</strong> </a>
+      <a href="#extended_key_usage-instance_method" title="#extended_key_usage (instance method)">- (R509::Cert::Extensions::ExtendedKeyUsage) <strong>extended_key_usage</strong> </a>
+      (also: #eku)
   </span>
@@ -473,7 +561,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Boolean of whether the object contains a private key.</p>
+<p>Returns this object's ExtendedKeyUsage extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -482,15 +570,13 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#initialize-instance_method" title="#initialize (instance method)">- (Cert) <strong>initialize</strong>(opts = {}) </a>
+      <a href="#extensions-instance_method" title="#extensions (instance method)">- (Hash) <strong>extensions</strong> </a>
   </span>
-    <span class="note title constructor">constructor</span>
@@ -499,7 +585,8 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>A new instance of Cert.</p>
+<p>Returns the certificate extensions as a hash of R509::Cert::Extensions
+specific objects.</p>
 </div></span>
 </li>
@@ -508,7 +595,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#is_revoked_by_crl%3F-instance_method" title="#is_revoked_by_crl? (instance method)">- (Boolean) <strong>is_revoked_by_crl?</strong>(r509_crl) </a>
+      <a href="#fingerprint-instance_method" title="#fingerprint (instance method)">- (String) <strong>fingerprint</strong>(algorithm = 'sha1') </a>
@@ -523,7 +610,8 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Checks the given CRL for this certificate's serial number.</p>
+<p>Returns the certificate fingerprint with the specified algorithm (default
+sha1).</p>
 </div></span>
 </li>
@@ -532,7 +620,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#issuer-instance_method" title="#issuer (instance method)">- (OpenSSL::X509::Name) <strong>issuer</strong> </a>
+      <a href="#has_private_key%3F-instance_method" title="#has_private_key? (instance method)">- (Boolean) <strong>has_private_key?</strong> </a>
@@ -547,7 +635,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the issuer.</p>
+<p>Boolean of whether the object contains a private key.</p>
 </div></span>
 </li>
@@ -556,7 +644,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#issuer_cn-instance_method" title="#issuer_cn (instance method)">- (String) <strong>issuer_cn</strong> </a>
+      <a href="#hexserial-instance_method" title="#hexserial (instance method)">- (String) <strong>hexserial</strong> </a>
@@ -571,7 +659,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>The common name (CN) component of the issuer.</p>
+<p>Returns the serial number of the certificate in hexadecimal form.</p>
 </div></span>
 </li>
@@ -580,7 +668,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#key_algorithm-instance_method" title="#key_algorithm (instance method)">- (String) <strong>key_algorithm</strong> </a>
+      <a href="#inhibit_any_policy-instance_method" title="#inhibit_any_policy (instance method)">- (R509::Cert::Extensions::InhibitAnyPolicy) <strong>inhibit_any_policy</strong> </a>
@@ -595,7 +683,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns key algorithm (RSA or DSA).</p>
+<p>Returns this object's InhibitAnyPolicy extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -604,13 +692,15 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#key_usage-instance_method" title="#key_usage (instance method)">- (R509::Cert::Extensions::KeyUsage) <strong>key_usage</strong> </a>
+      <a href="#initialize-instance_method" title="#initialize (instance method)">- (Cert) <strong>initialize</strong>(opts = {}) </a>
   </span>
+    <span class="note title constructor">constructor</span>
@@ -619,7 +709,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's KeyUsage extension as an R509 extension.</p>
+<p>A new instance of Cert.</p>
 </div></span>
 </li>
@@ -628,7 +718,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#not_after-instance_method" title="#not_after (instance method)">- (Time) <strong>not_after</strong> </a>
+      <a href="#is_revoked_by_crl%3F-instance_method" title="#is_revoked_by_crl? (instance method)">- (Boolean) <strong>is_revoked_by_crl?</strong>(r509_crl) </a>
@@ -643,7 +733,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns ending (notAfter) of certificate validity period.</p>
+<p>Checks the given CRL for this certificate's serial number.</p>
 </div></span>
 </li>
@@ -652,7 +742,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#not_before-instance_method" title="#not_before (instance method)">- (Time) <strong>not_before</strong> </a>
+      <a href="#key_algorithm-instance_method" title="#key_algorithm (instance method)">- (Symbol) <strong>key_algorithm</strong> </a>
@@ -667,7 +757,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns beginning (notBefore) of certificate validity period.</p>
+<p>Returns key algorithm (RSA, DSA, EC).</p>
 </div></span>
 </li>
@@ -676,10 +766,12 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#public_key-instance_method" title="#public_key (instance method)">- (OpenSSL::PKey::RSA) <strong>public_key</strong> </a>
+      <a href="#key_usage-instance_method" title="#key_usage (instance method)">- (R509::Cert::Extensions::KeyUsage) <strong>key_usage</strong> </a>
+      (also: #ku)
   </span>
@@ -691,7 +783,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the certificate public key.</p>
+<p>Returns this object's KeyUsage extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -700,7 +792,7 @@ sha1).</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#r509_extensions-instance_method" title="#r509_extensions (instance method)">- (Hash) <strong>r509_extensions</strong> </a>
+      <a href="#name_constraints-instance_method" title="#name_constraints (instance method)">- (R509::Cert::Extensions::NameConstraints) <strong>name_constraints</strong> </a>
@@ -715,8 +807,7 @@ sha1).</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the certificate extensions as a hash of R509::Cert::Extensions
-specific objects.</p>
+<p>Returns this object's NameConstraints extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -725,7 +816,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#rsa%3F-instance_method" title="#rsa? (instance method)">- (Boolean) <strong>rsa?</strong> </a>
+      <a href="#not_after-instance_method" title="#not_after (instance method)">- (Time) <strong>not_after</strong> </a>
@@ -740,7 +831,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns whether the public key is RSA.</p>
+<p>Returns ending (notAfter) of certificate validity period.</p>
 </div></span>
 </li>
@@ -749,7 +840,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#san_names-instance_method" title="#san_names (instance method)">- (Array) <strong>san_names</strong> </a>
+      <a href="#not_before-instance_method" title="#not_before (instance method)">- (Time) <strong>not_before</strong> </a>
@@ -764,7 +855,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>List of SAN DNS names.</p>
+<p>Returns beginning (notBefore) of certificate validity period.</p>
 </div></span>
 </li>
@@ -773,7 +864,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#serial-instance_method" title="#serial (instance method)">- (Integer) <strong>serial</strong> </a>
+      <a href="#ocsp_no_check%3F-instance_method" title="#ocsp_no_check? (instance method)">- (Boolean) <strong>ocsp_no_check?</strong> </a>
@@ -788,7 +879,8 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the serial number of the certificate in decimal form.</p>
+<p>Returns true if the OCSP No Check extension is present (value is irrelevant
+to this extension).</p>
 </div></span>
 </li>
@@ -797,7 +889,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#signature_algorithm-instance_method" title="#signature_algorithm (instance method)">- (String) <strong>signature_algorithm</strong> </a>
+      <a href="#policy_constraints-instance_method" title="#policy_constraints (instance method)">- (R509::Cert::Extensions::PolicyConstraints) <strong>policy_constraints</strong> </a>
@@ -812,7 +904,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns signature algorithm.</p>
+<p>Returns this object's PolicyConstraints extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -821,7 +913,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject-instance_method" title="#subject (instance method)">- (OpenSSL::X509::Name) <strong>subject</strong> </a>
+      <a href="#public_key-instance_method" title="#public_key (instance method)">- (OpenSSL::PKey::RSA) <strong>public_key</strong> </a>
@@ -836,7 +928,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the subject.</p>
+<p>Returns the certificate public key.</p>
 </div></span>
 </li>
@@ -845,7 +937,7 @@ specific objects.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_alternative_name-instance_method" title="#subject_alternative_name (instance method)">- (R509::Cert::Extensions::SubjectAlternativeName) <strong>subject_alternative_name</strong> </a>
+      <a href="#rsa%3F-instance_method" title="#rsa? (instance method)">- (Boolean) <strong>rsa?</strong> </a>
@@ -860,8 +952,7 @@ specific objects.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's SubjectAlternativeName extension as an R509
-extension.</p>
+<p>Returns whether the public key is RSA.</p>
 </div></span>
 </li>
@@ -870,7 +961,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_cn-instance_method" title="#subject_cn (instance method)">- (String) <strong>subject_cn</strong> </a>
+      <a href="#serial-instance_method" title="#serial (instance method)">- (Integer) <strong>serial</strong> </a>
@@ -885,7 +976,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns the CN component, if any, of the subject.</p>
+<p>Returns the serial number of the certificate in decimal form.</p>
 </div></span>
 </li>
@@ -894,7 +985,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_component-instance_method" title="#subject_component (instance method)">- (String) <strong>subject_component</strong>(short_name) </a>
+      <a href="#signature_algorithm-instance_method" title="#signature_algorithm (instance method)">- (String) <strong>signature_algorithm</strong> </a>
@@ -909,7 +1000,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns subject component.</p>
+<p>Returns signature algorithm.</p>
 </div></span>
 </li>
@@ -918,10 +1009,12 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_key_identifier-instance_method" title="#subject_key_identifier (instance method)">- (R509::Cert::Extensions::SubjectKeyIdentifier) <strong>subject_key_identifier</strong> </a>
+      <a href="#subject_alternative_name-instance_method" title="#subject_alternative_name (instance method)">- (R509::Cert::Extensions::SubjectAlternativeName) <strong>subject_alternative_name</strong> </a>
+      (also: #san, #subject_alt_name)
   </span>
@@ -933,7 +1026,8 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Returns this object's SubjectKeyIdentifier extension as an R509 extension.</p>
+<p>Returns this object's SubjectAlternativeName extension as an R509
+extension.</p>
 </div></span>
 </li>
@@ -942,7 +1036,7 @@ extension.</p>
         <li class="public ">
   <span class="summary_signature">
-      <a href="#subject_names-instance_method" title="#subject_names (instance method)">- (Array) <strong>subject_names</strong> </a>
+      <a href="#subject_key_identifier-instance_method" title="#subject_key_identifier (instance method)">- (R509::Cert::Extensions::SubjectKeyIdentifier) <strong>subject_key_identifier</strong> </a>
@@ -957,7 +1051,7 @@ extension.</p>
     <span class="summary_desc"><div class='inline'>
-<p>Return the CN, as well as all the subject alternative names (SANs).</p>
+<p>Returns this object's SubjectKeyIdentifier extension as an R509 extension.</p>
 </div></span>
 </li>
@@ -1314,44 +1408,36 @@ support)</p>
 39
 40
 41
-42
-43
-44
-45
-46</pre>
+42</pre>
     </td>
     <td>
       <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 17</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
-    <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Hash</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Must provide a hash of options</span><span class='tstring_end'>'</span></span>
-    <span class='kw'>end</span>
-    <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:pkcs12</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='lparen'>(</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:key</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:cert</span><span class='rparen'>)</span> <span class='rparen'>)</span>
-        <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>When providing pkcs12, do not pass cert or key</span><span class='tstring_end'>&quot;</span></span>
-    <span class='kw'>elsif</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:pkcs12</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:pkcs12</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='rparen'>)</span>
-        <span class='id identifier rubyid_parse_certificate'>parse_certificate</span><span class='lparen'>(</span><span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span>
-        <span class='ivar'>@key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='symbol'>:key</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='rparen'>)</span>
-    <span class='kw'>elsif</span> <span class='kw'>not</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:cert</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Must provide :cert or :pkcs12</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>if</span> <span class='kw'>not</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Hash</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Must provide a hash of options</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:pkcs12</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='lparen'>(</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:key</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:cert</span><span class='rparen'>)</span> <span class='rparen'>)</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>When providing pkcs12, do not pass cert or key</span><span class='tstring_end'>&quot;</span></span>
+  <span class='kw'>elsif</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:pkcs12</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:pkcs12</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='rparen'>)</span>
+    <span class='id identifier rubyid_parse_certificate'>parse_certificate</span><span class='lparen'>(</span><span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_certificate'>certificate</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='symbol'>:key</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='rparen'>)</span>
+  <span class='kw'>elsif</span> <span class='kw'>not</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:cert</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Must provide :cert or :pkcs12</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>else</span>
+    <span class='id identifier rubyid_csr_check'>csr_check</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert</span><span class='rbracket'>]</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_parse_certificate'>parse_certificate</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert</span><span class='rbracket'>]</span><span class='rparen'>)</span>
+  <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:key</span><span class='rparen'>)</span>
+    <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='rparen'>)</span>
+      <span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span>
     <span class='kw'>else</span>
-        <span class='id identifier rubyid_csr_check'>csr_check</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert</span><span class='rbracket'>]</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_parse_certificate'>parse_certificate</span><span class='lparen'>(</span><span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:cert</span><span class='rbracket'>]</span><span class='rparen'>)</span>
-    <span class='kw'>end</span>
-    <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='symbol'>:key</span><span class='rparen'>)</span>
-        <span class='kw'>if</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='rparen'>)</span>
-            <span class='ivar'>@key</span> <span class='op'>=</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span>
-        <span class='kw'>else</span>
-            <span class='ivar'>@key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='symbol'>:key</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:password</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='rparen'>)</span>
-        <span class='kw'>end</span>
-    <span class='kw'>end</span>
-    <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span> <span class='op'>==</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span> <span class='kw'>then</span>
-            <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Key does not match cert.</span><span class='tstring_end'>'</span></span>
-        <span class='kw'>end</span>
+      <span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>PrivateKey</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span> <span class='symbol'>:key</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:key</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='symbol'>:password</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_opts'>opts</span><span class='lbracket'>[</span><span class='symbol'>:password</span><span class='rbracket'>]</span> <span class='rparen'>)</span>
     <span class='kw'>end</span>
+  <span class='kw'>end</span>
+  <span class='id identifier rubyid_associate_private_key'>associate_private_key</span><span class='lparen'>(</span><span class='id identifier rubyid_key'>key</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1407,6 +1493,49 @@ support)</p>
 </div>
+      <span id=""></span>
+      <div class="method_details ">
+  <h3 class="signature " id="issuer-instance_method">
+    - (<tt>Object</tt>) <strong>issuer</strong>  <span class="extras">(readonly)</span>
+</h3><div class="docstring">
+  <div class="discussion">
+<p>Returns the value of attribute issuer</p>
+  </div>
+</div>
+<div class="tags">
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+11
+12
+13</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 11</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_issuer'>issuer</span>
+  <span class='ivar'>@issuer</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
       <span id=""></span>
       <div class="method_details ">
   <h3 class="signature " id="key-instance_method">
@@ -1449,6 +1578,49 @@ support)</p>
 </table>
 </div>
+      <span id=""></span>
+      <div class="method_details ">
+  <h3 class="signature " id="subject-instance_method">
+    - (<tt>Object</tt>) <strong>subject</strong>  <span class="extras">(readonly)</span>
+</h3><div class="docstring">
+  <div class="discussion">
+<p>Returns the value of attribute subject</p>
+  </div>
+</div>
+<div class="tags">
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+11
+12
+13</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 11</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_subject'>subject</span>
+  <span class='ivar'>@subject</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
   </div>
@@ -1520,15 +1692,15 @@ support)</p>
       <pre class="lines">
-52
-53
-54</pre>
+48
+49
+50</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 52</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 48</span>
 <span class='kw'>def</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_load_from_file'>load_from_file</span><span class='lparen'>(</span> <span class='id identifier rubyid_filename'>filename</span> <span class='rparen'>)</span>
-    <span class='kw'>return</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=&gt;</span> <span class='const'>IOHelpers</span><span class='period'>.</span><span class='id identifier rubyid_read_data'>read_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename'>filename</span><span class='rparen'>)</span> <span class='rparen'>)</span>
+  <span class='kw'>return</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:cert</span> <span class='op'>=&gt;</span> <span class='const'>IOHelpers</span><span class='period'>.</span><span class='id identifier rubyid_read_data'>read_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename'>filename</span><span class='rparen'>)</span> <span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1542,9 +1714,9 @@ support)</p>
       <div class="method_details first">
-  <h3 class="signature first" id="authority_info_access-instance_method">
+  <h3 class="signature first" id="all_names-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">R509::Cert::Extensions::AuthorityInfoAccess</a></span></tt>) <strong>authority_info_access</strong>
+    - (<tt>Array</tt>) <strong>all_names</strong>
@@ -1553,7 +1725,7 @@ support)</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's AuthorityInfoAccess extension as an R509 extension</p>
+<p>Return the CN, as well as all the subject alternative names (SANs).</p>
   </div>
@@ -1566,14 +1738,14 @@ support)</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">R509::Cert::Extensions::AuthorityInfoAccess</a></span></tt>)</span>
+        <span class='type'>(<tt>Array</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a AuthorityInfoAccess
-extension.</p>
+<p>the array of names. Returns an empty array if there are no names, at all.
+Discards SAN types</p>
 </div>
     </li>
@@ -1586,15 +1758,23 @@ extension.</p>
       <pre class="lines">
-385
-386
-387</pre>
+156
+157
+158
+159
+160
+161
+162</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 385</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 156</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_authority_info_access'>authority_info_access</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityInfoAccess</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_all_names'>all_names</span>
+  <span class='id identifier rubyid_ret'>ret</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
+  <span class='id identifier rubyid_ret'>ret</span> <span class='op'>&lt;&lt;</span> <span class='ivar'>@subject</span><span class='period'>.</span><span class='const'>CN</span> <span class='kw'>unless</span> <span class='ivar'>@subject</span><span class='period'>.</span><span class='const'>CN</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+  <span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_concat'>concat</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_san'>san</span><span class='period'>.</span><span class='id identifier rubyid_names'>names</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_n'>n</span><span class='op'>|</span> <span class='id identifier rubyid_n'>n</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span> <span class='rbrace'>}</span> <span class='rparen'>)</span> <span class='kw'>unless</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_san'>san</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_sort'>sort</span><span class='period'>.</span><span class='id identifier rubyid_uniq'>uniq</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1602,18 +1782,24 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="authority_key_identifier-instance_method">
+  <h3 class="signature " id="authority_info_access-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">R509::Cert::Extensions::AuthorityKeyIdentifier</a></span></tt>) <strong>authority_key_identifier</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">R509::Cert::Extensions::AuthorityInfoAccess</a></span></tt>) <strong>authority_info_access</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='aia-instance_method'>aia</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's AuthorityKeyIdentifier extension as an R509 extension</p>
+<p>Returns this object's AuthorityInfoAccess extension as an R509 extension</p>
+<p>if this cert does not have a AuthorityInfoAccess extension.</p>
   </div>
@@ -1626,14 +1812,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">R509::Cert::Extensions::AuthorityKeyIdentifier</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/AuthorityInfoAccess.html" title="R509::Cert::Extensions::AuthorityInfoAccess (class)">R509::Cert::Extensions::AuthorityInfoAccess</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a AuthorityKeyIdentifier
-extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1646,15 +1831,15 @@ extension.</p>
       <pre class="lines">
-369
-370
-371</pre>
+349
+350
+351</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 369</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 349</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_authority_key_identifier'>authority_key_identifier</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityKeyIdentifier</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_authority_info_access'>authority_info_access</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityInfoAccess</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1662,9 +1847,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="basic_constraints-instance_method">
+  <h3 class="signature " id="authority_key_identifier-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">R509::Cert::Extensions::BasicConstraints</a></span></tt>) <strong>basic_constraints</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">R509::Cert::Extensions::AuthorityKeyIdentifier</a></span></tt>) <strong>authority_key_identifier</strong>
@@ -1673,7 +1858,9 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's BasicConstraints extension as an R509 extension</p>
+<p>Returns this object's AuthorityKeyIdentifier extension as an R509 extension</p>
+<p>if this cert does not have a AuthorityKeyIdentifier extension.</p>
   </div>
@@ -1686,13 +1873,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">R509::Cert::Extensions::BasicConstraints</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/AuthorityKeyIdentifier.html" title="R509::Cert::Extensions::AuthorityKeyIdentifier (class)">R509::Cert::Extensions::AuthorityKeyIdentifier</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a BasicConstraints extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1705,15 +1892,15 @@ extension.</p>
       <pre class="lines">
-337
-338
-339</pre>
+331
+332
+333</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 337</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 331</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_basic_constraints'>basic_constraints</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>BasicConstraints</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_authority_key_identifier'>authority_key_identifier</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>AuthorityKeyIdentifier</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1721,9 +1908,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="bit_strength-instance_method">
+  <h3 class="signature " id="basic_constraints-instance_method">
-    - (<tt>Integer</tt>) <strong>bit_strength</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">R509::Cert::Extensions::BasicConstraints</a></span></tt>) <strong>basic_constraints</strong>
@@ -1732,7 +1919,9 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the bit strength of the key used to create the certificate</p>
+<p>Returns this object's BasicConstraints extension as an R509 extension</p>
+<p>if this cert does not have a BasicConstraints extension.</p>
   </div>
@@ -1745,13 +1934,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>Integer</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/BasicConstraints.html" title="R509::Cert::Extensions::BasicConstraints (class)">R509::Cert::Extensions::BasicConstraints</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>integer value of bit strength</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1764,23 +1953,15 @@ extension.</p>
       <pre class="lines">
-230
-231
-232
-233
-234
-235
-236</pre>
+297
+298
+299</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 230</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 297</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_bit_strength'>bit_strength</span>
-    <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rsa?'>rsa?</span>
-        <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_n'>n</span><span class='period'>.</span><span class='id identifier rubyid_num_bits'>num_bits</span>
-    <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_dsa?'>dsa?</span>
-        <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_num_bits'>num_bits</span>
-    <span class='kw'>end</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_basic_constraints'>basic_constraints</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>BasicConstraints</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1788,9 +1969,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="crl_distribution_points-instance_method">
+  <h3 class="signature " id="bit_strength-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/CrlDistributionPoints.html" title="R509::Cert::Extensions::CrlDistributionPoints (class)">R509::Cert::Extensions::CrlDistributionPoints</a></span></tt>) <strong>crl_distribution_points</strong>
+    - (<tt>Integer</tt>) <strong>bit_strength</strong>
@@ -1799,7 +1980,7 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's CrlDistributionPoints extension as an R509 extension</p>
+<p>Returns the bit strength of the key used to create the certificate</p>
   </div>
@@ -1812,14 +1993,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/CrlDistributionPoints.html" title="R509::Cert::Extensions::CrlDistributionPoints (class)">R509::Cert::Extensions::CrlDistributionPoints</a></span></tt>)</span>
+        <span class='type'>(<tt>Integer</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a CrlDistributionPoints
-extension.</p>
+<p>integer value of bit strength</p>
 </div>
     </li>
@@ -1832,15 +2012,27 @@ extension.</p>
       <pre class="lines">
-393
-394
-395</pre>
+188
+189
+190
+191
+192
+193
+194
+195
+196</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 393</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 188</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_crl_distribution_points'>crl_distribution_points</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>CrlDistributionPoints</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_bit_strength'>bit_strength</span>
+  <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rsa?'>rsa?</span>
+    <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_n'>n</span><span class='period'>.</span><span class='id identifier rubyid_num_bits'>num_bits</span>
+  <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_dsa?'>dsa?</span>
+    <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_p'>p</span><span class='period'>.</span><span class='id identifier rubyid_num_bits'>num_bits</span>
+  <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_ec?'>ec?</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Bit strength is not available for EC at this time.</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1848,9 +2040,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="dsa?-instance_method">
+  <h3 class="signature " id="certificate_policies-instance_method">
-    - (<tt>Boolean</tt>) <strong>dsa?</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/CertificatePolicies.html" title="R509::Cert::Extensions::CertificatePolicies (class)">R509::Cert::Extensions::CertificatePolicies</a></span></tt>) <strong>certificate_policies</strong>
@@ -1859,7 +2051,9 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns whether the public key is DSA</p>
+<p>Returns this object's CertificatePolicies extension as an R509 extension</p>
+<p>if this cert does not have a CertificatePolicies extension.</p>
   </div>
@@ -1872,13 +2066,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>Boolean</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/CertificatePolicies.html" title="R509::Cert::Extensions::CertificatePolicies (class)">R509::Cert::Extensions::CertificatePolicies</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>true if the public key is DSA, false otherwise</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1891,15 +2085,15 @@ extension.</p>
       <pre class="lines">
-223
-224
-225</pre>
+375
+376
+377</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 223</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 375</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_dsa?'>dsa?</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>DSA</span><span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_certificate_policies'>certificate_policies</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>CertificatePolicies</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1907,18 +2101,24 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="extended_key_usage-instance_method">
+  <h3 class="signature " id="crl_distribution_points-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/ExtendedKeyUsage.html" title="R509::Cert::Extensions::ExtendedKeyUsage (class)">R509::Cert::Extensions::ExtendedKeyUsage</a></span></tt>) <strong>extended_key_usage</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/CRLDistributionPoints.html" title="R509::Cert::Extensions::CRLDistributionPoints (class)">R509::Cert::Extensions::CRLDistributionPoints</a></span></tt>) <strong>crl_distribution_points</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='cdp-instance_method'>cdp</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's ExtendedKeyUsage extension as an R509 extension</p>
+<p>Returns this object's CRLDistributionPoints extension as an R509 extension</p>
+<p>if this cert does not have a CRLDistributionPoints extension.</p>
   </div>
@@ -1931,13 +2131,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/ExtendedKeyUsage.html" title="R509::Cert::Extensions::ExtendedKeyUsage (class)">R509::Cert::Extensions::ExtendedKeyUsage</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/CRLDistributionPoints.html" title="R509::Cert::Extensions::CRLDistributionPoints (class)">R509::Cert::Extensions::CRLDistributionPoints</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a ExtendedKeyUsage extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -1950,15 +2150,15 @@ extension.</p>
       <pre class="lines">
-353
-354
-355</pre>
+358
+359
+360</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 353</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 358</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>ExtendedKeyUsage</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_crl_distribution_points'>crl_distribution_points</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>CRLDistributionPoints</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -1966,9 +2166,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="extensions-instance_method">
+  <h3 class="signature " id="curve_name-instance_method">
-    - (<tt>Array</tt>) <strong>extensions</strong>
+    - (<tt>String</tt>) <strong>curve_name</strong>
@@ -1977,7 +2177,8 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Return the certificate extensions</p>
+<p>Returns the short name of the elliptic curve used to generate the public
+key if the key is EC. If not, raises an error.</p>
   </div>
@@ -1990,13 +2191,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>Array</tt>)</span>
+        <span class='type'>(<tt>String</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>an array of hashes representing the extensions in the cert</p>
+<p>elliptic curve name</p>
 </div>
     </li>
@@ -2009,29 +2210,23 @@ extension.</p>
       <pre class="lines">
-295
-296
-297
-298
-299
-300
-301
-302
-303
-304</pre>
+202
+203
+204
+205
+206
+207
+208</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 295</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_extensions'>extensions</span>
-    <span class='kw'>if</span> <span class='ivar'>@extensions</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='ivar'>@extensions</span> <span class='op'>=</span> <span class='const'>Hash</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
-        <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_extension'>extension</span><span class='op'>|</span>
-            <span class='id identifier rubyid_hash'>hash</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>value</span><span class='tstring_end'>'</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_extension'>extension</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>critical</span><span class='tstring_end'>'</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_extension'>extension</span><span class='period'>.</span><span class='id identifier rubyid_critical?'>critical?</span><span class='rbrace'>}</span>
-            <span class='ivar'>@extensions</span><span class='lbracket'>[</span><span class='id identifier rubyid_extension'>extension</span><span class='period'>.</span><span class='id identifier rubyid_oid'>oid</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_hash'>hash</span>
-        <span class='rbrace'>}</span>
-    <span class='kw'>end</span>
-    <span class='ivar'>@extensions</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 202</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_curve_name'>curve_name</span>
+  <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_ec?'>ec?</span>
+    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_group'>group</span><span class='period'>.</span><span class='id identifier rubyid_curve_name'>curve_name</span>
+  <span class='kw'>else</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>Curve name is only available with EC certs</span><span class='tstring_end'>'</span></span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2039,9 +2234,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="fingerprint-instance_method">
+  <h3 class="signature " id="dsa?-instance_method">
-    - (<tt>String</tt>) <strong>fingerprint</strong>(algorithm = 'sha1')
+    - (<tt>Boolean</tt>) <strong>dsa?</strong>
@@ -2050,50 +2245,26 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the certificate fingerprint with the specified algorithm (default
-sha1)</p>
+<p>Returns whether the public key is DSA</p>
   </div>
 </div>
 <div class="tags">
-  <p class="tag_title">Parameters:</p>
-<ul class="param">
-    <li>
-        <span class='name'>algorithm</span>
-        <span class='type'>(<tt>String</tt>)</span>
-        <em class="default">(defaults to: <tt>'sha1'</tt>)</em>
-        &mdash;
-        <div class='inline'>
-<p>Which algorithm to use for the fingerprint. See R509::MessageDigest for
-supported algorithm names</p>
-</div>
-    </li>
-</ul>
 <p class="tag_title">Returns:</p>
 <ul class="return">
     <li>
-        <span class='type'>(<tt>String</tt>)</span>
+        <span class='type'>(<tt>Boolean</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>hex digest of the certificate</p>
+<p>true if the public key is DSA, false otherwise</p>
 </div>
     </li>
@@ -2106,21 +2277,15 @@ supported algorithm names</p>
       <pre class="lines">
-129
-130
-131
-132
-133
-134</pre>
+174
+175
+176</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 129</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 174</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_fingerprint'>fingerprint</span><span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>sha1</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_md'>md</span> <span class='op'>=</span> <span class='id identifier rubyid_message_digest'>message_digest</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span>
-    <span class='id identifier rubyid_md'>md</span><span class='period'>.</span><span class='id identifier rubyid_update'>update</span><span class='lparen'>(</span><span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_md'>md</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_dsa?'>dsa?</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>DSA</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2128,9 +2293,9 @@ supported algorithm names</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="has_private_key?-instance_method">
+  <h3 class="signature " id="ec?-instance_method">
-    - (<tt>Boolean</tt>) <strong>has_private_key?</strong>
+    - (<tt>Boolean</tt>) <strong>ec?</strong>
@@ -2139,7 +2304,7 @@ supported algorithm names</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Boolean of whether the object contains a private key</p>
+<p>Returns whether the public key is EC</p>
   </div>
@@ -2158,7 +2323,7 @@ supported algorithm names</p>
         &mdash;
         <div class='inline'>
-<p>Boolean of whether the object contains a private key</p>
+<p>true if the public key is EC, false otherwise</p>
 </div>
     </li>
@@ -2171,23 +2336,15 @@ supported algorithm names</p>
       <pre class="lines">
-168
-169
-170
-171
-172
-173
-174</pre>
+181
+182
+183</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 168</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 181</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_has_private_key?'>has_private_key?</span>
-    <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='kw'>true</span>
-    <span class='kw'>else</span>
-        <span class='kw'>false</span>
-    <span class='kw'>end</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_ec?'>ec?</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>EC</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2195,55 +2352,108 @@ supported algorithm names</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="is_revoked_by_crl?-instance_method">
+  <h3 class="signature " id="extended_key_usage-instance_method">
-    - (<tt>Boolean</tt>) <strong>is_revoked_by_crl?</strong>(r509_crl)
+    - (<tt><span class='object_link'><a href="Cert/Extensions/ExtendedKeyUsage.html" title="R509::Cert::Extensions::ExtendedKeyUsage (class)">R509::Cert::Extensions::ExtendedKeyUsage</a></span></tt>) <strong>extended_key_usage</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='eku-instance_method'>eku</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Checks the given CRL for this certificate's serial number. Note that this
-does NOT check to verify that the CRL you're checking is signed by the same
-CA as the cert so do that check yourself</p>
+<p>Returns this object's ExtendedKeyUsage extension as an R509 extension</p>
+<p>if this cert does not have a ExtendedKeyUsage extension.</p>
   </div>
 </div>
 <div class="tags">
-  <p class="tag_title">Parameters:</p>
-<ul class="param">
+<p class="tag_title">Returns:</p>
+<ul class="return">
     <li>
-        <span class='name'>r509_crl</span>
-        <span class='type'>(<tt><span class='object_link'><a href="Crl.html" title="R509::Crl (module)">R509::Crl</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/ExtendedKeyUsage.html" title="R509::Cert::Extensions::ExtendedKeyUsage (class)">R509::Cert::Extensions::ExtendedKeyUsage</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>A CRL from the CA that issued this certificate.</p>
+<p>The object, or nil</p>
 </div>
     </li>
 </ul>
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+314
+315
+316</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 314</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_extended_key_usage'>extended_key_usage</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>ExtendedKeyUsage</span><span class='rbracket'>]</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
+      <div class="method_details ">
+  <h3 class="signature " id="extensions-instance_method">
+    - (<tt>Hash</tt>) <strong>extensions</strong>
+</h3><div class="docstring">
+  <div class="discussion">
+<p>Returns the certificate extensions as a hash of R509::Cert::Extensions
+specific objects.</p>
+<p>R509::Cert::Extensions module, each specific to the extension. The hash is
+keyed with the R509 extension class. Extensions without an R509
+implementation are ignored (see #get_unknown_extensions).</p>
+  </div>
+</div>
+<div class="tags">
 <p class="tag_title">Returns:</p>
 <ul class="return">
     <li>
-        <span class='type'>(<tt>Boolean</tt>)</span>
+        <span class='type'>(<tt>Hash</tt>)</span>
+        &mdash;
+        <div class='inline'>
+<p>A hash, in which the values are classes from the</p>
+</div>
     </li>
@@ -2255,15 +2465,23 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-288
-289
-290</pre>
+273
+274
+275
+276
+277
+278
+279</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 288</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 273</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_is_revoked_by_crl?'>is_revoked_by_crl?</span><span class='lparen'>(</span> <span class='id identifier rubyid_r509_crl'>r509_crl</span> <span class='rparen'>)</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_crl'>r509_crl</span><span class='period'>.</span><span class='id identifier rubyid_revoked?'>revoked?</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span> <span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_extensions'>extensions</span>
+  <span class='kw'>if</span> <span class='ivar'>@r509_extensions</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+    <span class='ivar'>@r509_extensions</span> <span class='op'>=</span> <span class='const'>Extensions</span><span class='period'>.</span><span class='id identifier rubyid_wrap_openssl_extensions'>wrap_openssl_extensions</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='rparen'>)</span>
+  <span class='kw'>end</span>
+  <span class='kw'>return</span> <span class='ivar'>@r509_extensions</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2271,9 +2489,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="issuer-instance_method">
+  <h3 class="signature " id="fingerprint-instance_method">
-    - (<tt>OpenSSL::X509::Name</tt>) <strong>issuer</strong>
+    - (<tt>String</tt>) <strong>fingerprint</strong>(algorithm = 'sha1')
@@ -2282,26 +2500,50 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the issuer</p>
+<p>Returns the certificate fingerprint with the specified algorithm (default
+sha1)</p>
   </div>
 </div>
 <div class="tags">
+  <p class="tag_title">Parameters:</p>
+<ul class="param">
+    <li>
+        <span class='name'>algorithm</span>
+        <span class='type'>(<tt>String</tt>)</span>
+        <em class="default">(defaults to: <tt>'sha1'</tt>)</em>
+        &mdash;
+        <div class='inline'>
+<p>Which algorithm to use for the fingerprint. See R509::MessageDigest for
+supported algorithm names</p>
+</div>
+    </li>
+</ul>
 <p class="tag_title">Returns:</p>
 <ul class="return">
     <li>
-        <span class='type'>(<tt>OpenSSL::X509::Name</tt>)</span>
+        <span class='type'>(<tt>String</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>issuer object. Can be parsed as string easily</p>
+<p>hex digest of the certificate</p>
 </div>
     </li>
@@ -2314,15 +2556,21 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-109
-110
-111</pre>
+112
+113
+114
+115
+116
+117</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 109</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 112</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_issuer'>issuer</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_fingerprint'>fingerprint</span><span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>sha1</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_message_digest'>message_digest</span> <span class='op'>=</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>MessageDigest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_algorithm'>algorithm</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_md'>md</span> <span class='op'>=</span> <span class='id identifier rubyid_message_digest'>message_digest</span><span class='period'>.</span><span class='id identifier rubyid_digest'>digest</span>
+  <span class='id identifier rubyid_md'>md</span><span class='period'>.</span><span class='id identifier rubyid_update'>update</span><span class='lparen'>(</span><span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_md'>md</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2330,9 +2578,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="issuer_cn-instance_method">
+  <h3 class="signature " id="has_private_key?-instance_method">
-    - (<tt>String</tt>) <strong>issuer_cn</strong>
+    - (<tt>Boolean</tt>) <strong>has_private_key?</strong>
@@ -2341,7 +2589,7 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>The common name (CN) component of the issuer</p>
+<p>Boolean of whether the object contains a private key</p>
   </div>
@@ -2354,13 +2602,13 @@ CA as the cert so do that check yourself</p>
     <li>
-        <span class='type'>(<tt>String</tt>)</span>
+        <span class='type'>(<tt>Boolean</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The common name (CN) component of the issuer</p>
+<p>Boolean of whether the object contains a private key</p>
 </div>
     </li>
@@ -2373,29 +2621,23 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-114
-115
-116
-117
-118
-119
-120
-121
-122
-123</pre>
+144
+145
+146
+147
+148
+149
+150</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 114</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_issuer_cn'>issuer_cn</span>
-    <span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-    <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_issuer'>issuer</span><span class='period'>.</span><span class='id identifier rubyid_to_a'>to_a</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_part'>part</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='id identifier rubyid_length'>length</span><span class='op'>|</span>
-        <span class='kw'>return</span> <span class='id identifier rubyid_value'>value</span> <span class='kw'>if</span> <span class='id identifier rubyid_part'>part</span><span class='period'>.</span><span class='id identifier rubyid_upcase'>upcase</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CN</span><span class='tstring_end'>'</span></span>
-    <span class='kw'>end</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 144</span>
-    <span class='comment'># return nil if we didn't find a CN part
-</span>    <span class='kw'>return</span> <span class='kw'>nil</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_has_private_key?'>has_private_key?</span>
+  <span class='kw'>if</span> <span class='kw'>not</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+    <span class='kw'>true</span>
+  <span class='kw'>else</span>
+    <span class='kw'>false</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2403,9 +2645,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="key_algorithm-instance_method">
+  <h3 class="signature " id="hexserial-instance_method">
-    - (<tt>String</tt>) <strong>key_algorithm</strong>
+    - (<tt>String</tt>) <strong>hexserial</strong>
@@ -2414,7 +2656,7 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns key algorithm (RSA or DSA)</p>
+<p>Returns the serial number of the certificate in hexadecimal form</p>
   </div>
@@ -2431,11 +2673,6 @@ CA as the cert so do that check yourself</p>
-        &mdash;
-        <div class='inline'>
-<p>value of the key algorithm. RSA or DSA</p>
-</div>
     </li>
 </ul>
@@ -2446,23 +2683,15 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-248
-249
-250
-251
-252
-253
-254</pre>
+90
+91
+92</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 248</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 90</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_key_algorithm'>key_algorithm</span>
-    <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rsa?'>rsa?</span>
-        <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>RSA</span><span class='tstring_end'>&quot;</span></span>
-    <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_dsa?'>dsa?</span>
-        <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>DSA</span><span class='tstring_end'>&quot;</span></span>
-    <span class='kw'>end</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_hexserial'>hexserial</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='lparen'>(</span><span class='int'>16</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2470,9 +2699,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="key_usage-instance_method">
+  <h3 class="signature " id="inhibit_any_policy-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">R509::Cert::Extensions::KeyUsage</a></span></tt>) <strong>key_usage</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/InhibitAnyPolicy.html" title="R509::Cert::Extensions::InhibitAnyPolicy (class)">R509::Cert::Extensions::InhibitAnyPolicy</a></span></tt>) <strong>inhibit_any_policy</strong>
@@ -2481,7 +2710,9 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's KeyUsage extension as an R509 extension</p>
+<p>Returns this object's InhibitAnyPolicy extension as an R509 extension</p>
+<p>if this cert does not have a InhibitAnyPolicy extension.</p>
   </div>
@@ -2494,13 +2725,13 @@ CA as the cert so do that check yourself</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">R509::Cert::Extensions::KeyUsage</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/InhibitAnyPolicy.html" title="R509::Cert::Extensions::InhibitAnyPolicy (class)">R509::Cert::Extensions::InhibitAnyPolicy</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a KeyUsage extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -2513,15 +2744,15 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-345
-346
-347</pre>
+383
+384
+385</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 345</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 383</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_key_usage'>key_usage</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>KeyUsage</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_inhibit_any_policy'>inhibit_any_policy</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>InhibitAnyPolicy</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2529,9 +2760,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="not_after-instance_method">
+  <h3 class="signature " id="is_revoked_by_crl?-instance_method">
-    - (<tt>Time</tt>) <strong>not_after</strong>
+    - (<tt>Boolean</tt>) <strong>is_revoked_by_crl?</strong>(r509_crl)
@@ -2540,47 +2771,64 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns ending (notAfter) of certificate validity period</p>
+<p>Checks the given CRL for this certificate's serial number. Note that this
+does NOT check to verify that the CRL you're checking is signed by the same
+CA as the cert so do that check yourself</p>
   </div>
 </div>
 <div class="tags">
-<p class="tag_title">Returns:</p>
-<ul class="return">
+  <p class="tag_title">Parameters:</p>
+<ul class="param">
     <li>
+        <span class='name'>r509_crl</span>
-        <span class='type'>(<tt>Time</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="CRL/SignedList.html" title="R509::CRL::SignedList (class)">R509::CRL::SignedList</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>time object</p>
+<p>A CRL from the CA that issued this certificate.</p>
 </div>
     </li>
 </ul>
+<p class="tag_title">Returns:</p>
+<ul class="return">
+    <li>
+        <span class='type'>(<tt>Boolean</tt>)</span>
+    </li>
+</ul>
 </div><table class="source_code">
   <tr>
     <td>
       <pre class="lines">
-95
-96
-97</pre>
+262
+263
+264</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 95</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 262</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_not_after'>not_after</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_not_after'>not_after</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_is_revoked_by_crl?'>is_revoked_by_crl?</span><span class='lparen'>(</span> <span class='id identifier rubyid_r509_crl'>r509_crl</span> <span class='rparen'>)</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_r509_crl'>r509_crl</span><span class='period'>.</span><span class='id identifier rubyid_revoked?'>revoked?</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span> <span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2588,9 +2836,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="not_before-instance_method">
+  <h3 class="signature " id="key_algorithm-instance_method">
-    - (<tt>Time</tt>) <strong>not_before</strong>
+    - (<tt>Symbol</tt>) <strong>key_algorithm</strong>
@@ -2599,7 +2847,7 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns beginning (notBefore) of certificate validity period</p>
+<p>Returns key algorithm (RSA, DSA, EC)</p>
   </div>
@@ -2612,13 +2860,13 @@ CA as the cert so do that check yourself</p>
     <li>
-        <span class='type'>(<tt>Time</tt>)</span>
+        <span class='type'>(<tt>Symbol</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>time object</p>
+<p>value of the key algorithm. :rsa, :dsa, :ec</p>
 </div>
     </li>
@@ -2631,15 +2879,27 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-81
-82
-83</pre>
+220
+221
+222
+223
+224
+225
+226
+227
+228</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 81</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 220</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_not_before'>not_before</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_not_before'>not_before</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_key_algorithm'>key_algorithm</span>
+  <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_rsa?'>rsa?</span>
+    <span class='symbol'>:rsa</span>
+  <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_dsa?'>dsa?</span>
+    <span class='symbol'>:dsa</span>
+  <span class='kw'>elsif</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_ec?'>ec?</span>
+    <span class='symbol'>:ec</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2647,18 +2907,24 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="public_key-instance_method">
+  <h3 class="signature " id="key_usage-instance_method">
-    - (<tt>OpenSSL::PKey::RSA</tt>) <strong>public_key</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">R509::Cert::Extensions::KeyUsage</a></span></tt>) <strong>key_usage</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='ku-instance_method'>ku</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the certificate public key</p>
+<p>Returns this object's KeyUsage extension as an R509 extension</p>
+<p>if this cert does not have a KeyUsage extension.</p>
   </div>
@@ -2671,13 +2937,13 @@ CA as the cert so do that check yourself</p>
     <li>
-        <span class='type'>(<tt>OpenSSL::PKey::RSA</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/KeyUsage.html" title="R509::Cert::Extensions::KeyUsage (class)">R509::Cert::Extensions::KeyUsage</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>public key object</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -2690,15 +2956,15 @@ CA as the cert so do that check yourself</p>
       <pre class="lines">
-102
-103
-104</pre>
+305
+306
+307</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 102</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 305</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_public_key'>public_key</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_key_usage'>key_usage</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>KeyUsage</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2706,9 +2972,9 @@ CA as the cert so do that check yourself</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="r509_extensions-instance_method">
+  <h3 class="signature " id="name_constraints-instance_method">
-    - (<tt>Hash</tt>) <strong>r509_extensions</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/NameConstraints.html" title="R509::Cert::Extensions::NameConstraints (class)">R509::Cert::Extensions::NameConstraints</a></span></tt>) <strong>name_constraints</strong>
@@ -2717,12 +2983,9 @@ CA as the cert so do that check yourself</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the certificate extensions as a hash of R509::Cert::Extensions
-specific objects.</p>
+<p>Returns this object's NameConstraints extension as an R509 extension</p>
-<p>R509::Cert::Extensions module, each specific to the extension. The hash is
-keyed with the R509 extension class. Extensions without an R509
-implementation are ignored (see #get_unknown_extensions).</p>
+<p>if this cert does not have a NameConstraints extension.</p>
   </div>
@@ -2735,13 +2998,13 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>Hash</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/NameConstraints.html" title="R509::Cert::Extensions::NameConstraints (class)">R509::Cert::Extensions::NameConstraints</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>A hash, in which the values are classes from the</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -2754,23 +3017,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
       <pre class="lines">
-313
-314
-315
-316
-317
-318
-319</pre>
+399
+400
+401</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 313</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span>
-    <span class='kw'>if</span> <span class='ivar'>@r509_extensions</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='ivar'>@r509_extensions</span> <span class='op'>=</span> <span class='const'>Extensions</span><span class='period'>.</span><span class='id identifier rubyid_wrap_openssl_extensions'>wrap_openssl_extensions</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='rparen'>)</span>
-    <span class='kw'>end</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 399</span>
-    <span class='kw'>return</span> <span class='ivar'>@r509_extensions</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_name_constraints'>name_constraints</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>NameConstraints</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2778,9 +3033,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="rsa?-instance_method">
+  <h3 class="signature " id="not_after-instance_method">
-    - (<tt>Boolean</tt>) <strong>rsa?</strong>
+    - (<tt>Time</tt>) <strong>not_after</strong>
@@ -2789,7 +3044,7 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns whether the public key is RSA</p>
+<p>Returns ending (notAfter) of certificate validity period</p>
   </div>
@@ -2802,13 +3057,13 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>Boolean</tt>)</span>
+        <span class='type'>(<tt>Time</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>true if the public key is RSA, false otherwise</p>
+<p>time object</p>
 </div>
     </li>
@@ -2821,15 +3076,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
       <pre class="lines">
-216
-217
-218</pre>
+97
+98
+99</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 216</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 97</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_rsa?'>rsa?</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>RSA</span><span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_not_after'>not_after</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_not_after'>not_after</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2837,9 +3092,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="san_names-instance_method">
+  <h3 class="signature " id="not_before-instance_method">
-    - (<tt>Array</tt>) <strong>san_names</strong>
+    - (<tt>Time</tt>) <strong>not_before</strong>
@@ -2848,7 +3103,7 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>List of SAN DNS names</p>
+<p>Returns beginning (notBefore) of certificate validity period</p>
   </div>
@@ -2861,13 +3116,13 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>Array</tt>)</span>
+        <span class='type'>(<tt>Time</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>list of SAN DNS names</p>
+<p>time object</p>
 </div>
     </li>
@@ -2880,23 +3135,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
       <pre class="lines">
-177
-178
-179
-180
-181
-182
-183</pre>
+76
+77
+78</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 177</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 76</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_san_names'>san_names</span>
-    <span class='kw'>if</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_subject_alternative_name'>subject_alternative_name</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='kw'>return</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
-    <span class='kw'>else</span>
-        <span class='kw'>return</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_subject_alternative_name'>subject_alternative_name</span><span class='period'>.</span><span class='id identifier rubyid_dns_names'>dns_names</span>
-    <span class='kw'>end</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_not_before'>not_before</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_not_before'>not_before</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2904,9 +3151,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="serial-instance_method">
+  <h3 class="signature " id="ocsp_no_check?-instance_method">
-    - (<tt>Integer</tt>) <strong>serial</strong>
+    - (<tt>Boolean</tt>) <strong>ocsp_no_check?</strong>
@@ -2915,7 +3162,8 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the serial number of the certificate in decimal form</p>
+<p>Returns true if the OCSP No Check extension is present (value is irrelevant
+to this extension)</p>
   </div>
@@ -2928,10 +3176,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>Integer</tt>)</span>
+        <span class='type'>(<tt>Boolean</tt>)</span>
+        &mdash;
+        <div class='inline'>
+<p>presence/absence of the nocheck extension</p>
+</div>
     </li>
 </ul>
@@ -2942,15 +3195,15 @@ implementation are ignored (see #get_unknown_extensions).</p>
       <pre class="lines">
-88
-89
-90</pre>
+367
+368
+369</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 88</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 367</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_serial'>serial</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_ocsp_no_check?'>ocsp_no_check?</span>
+  <span class='kw'>return</span> <span class='lparen'>(</span><span class='id identifier rubyid_extensions'>extensions</span><span class='period'>.</span><span class='id identifier rubyid_has_key?'>has_key?</span><span class='lparen'>(</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>OCSPNoCheck</span><span class='rparen'>)</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -2958,9 +3211,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="signature_algorithm-instance_method">
+  <h3 class="signature " id="policy_constraints-instance_method">
-    - (<tt>String</tt>) <strong>signature_algorithm</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/PolicyConstraints.html" title="R509::Cert::Extensions::PolicyConstraints (class)">R509::Cert::Extensions::PolicyConstraints</a></span></tt>) <strong>policy_constraints</strong>
@@ -2969,7 +3222,9 @@ implementation are ignored (see #get_unknown_extensions).</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns signature algorithm</p>
+<p>Returns this object's PolicyConstraints extension as an R509 extension</p>
+<p>if this cert does not have a PolicyConstraints extension.</p>
   </div>
@@ -2982,14 +3237,13 @@ implementation are ignored (see #get_unknown_extensions).</p>
     <li>
-        <span class='type'>(<tt>String</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/PolicyConstraints.html" title="R509::Cert::Extensions::PolicyConstraints (class)">R509::Cert::Extensions::PolicyConstraints</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>value of the signature algorithm. E.g. sha1WithRSAEncryption,
-sha256WithRSAEncryption, md5WithRSAEncryption</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -3002,15 +3256,15 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
       <pre class="lines">
-241
-242
-243</pre>
+391
+392
+393</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 241</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 391</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_signature_algorithm'>signature_algorithm</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_signature_algorithm'>signature_algorithm</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_policy_constraints'>policy_constraints</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>PolicyConstraints</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3018,9 +3272,9 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject-instance_method">
+  <h3 class="signature " id="public_key-instance_method">
-    - (<tt>OpenSSL::X509::Name</tt>) <strong>subject</strong>
+    - (<tt>OpenSSL::PKey::RSA</tt>) <strong>public_key</strong>
@@ -3029,7 +3283,7 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the subject</p>
+<p>Returns the certificate public key</p>
   </div>
@@ -3042,13 +3296,13 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
     <li>
-        <span class='type'>(<tt>OpenSSL::X509::Name</tt>)</span>
+        <span class='type'>(<tt>OpenSSL::PKey::RSA</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>subject object. Can be parsed as string easily</p>
+<p>public key object</p>
 </div>
     </li>
@@ -3061,15 +3315,15 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
       <pre class="lines">
-163
-164
-165</pre>
+104
+105
+106</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 163</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 104</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject'>subject</span>
-    <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_public_key'>public_key</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3077,9 +3331,9 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_alternative_name-instance_method">
+  <h3 class="signature " id="rsa?-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">R509::Cert::Extensions::SubjectAlternativeName</a></span></tt>) <strong>subject_alternative_name</strong>
+    - (<tt>Boolean</tt>) <strong>rsa?</strong>
@@ -3088,7 +3342,7 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's SubjectAlternativeName extension as an R509 extension</p>
+<p>Returns whether the public key is RSA</p>
   </div>
@@ -3101,14 +3355,13 @@ sha256WithRSAEncryption, md5WithRSAEncryption</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">R509::Cert::Extensions::SubjectAlternativeName</a></span></tt>)</span>
+        <span class='type'>(<tt>Boolean</tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a SubjectAlternativeName
-extension.</p>
+<p>true if the public key is RSA, false otherwise</p>
 </div>
     </li>
@@ -3121,15 +3374,15 @@ extension.</p>
       <pre class="lines">
-377
-378
-379</pre>
+167
+168
+169</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 377</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 167</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_alternative_name'>subject_alternative_name</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectAlternativeName</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_rsa?'>rsa?</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_public_key'>public_key</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKey</span><span class='op'>::</span><span class='const'>RSA</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3137,9 +3390,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_cn-instance_method">
+  <h3 class="signature " id="serial-instance_method">
-    - (<tt>String</tt>) <strong>subject_cn</strong>
+    - (<tt>Integer</tt>) <strong>serial</strong>
@@ -3148,7 +3401,7 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns the CN component, if any, of the subject</p>
+<p>Returns the serial number of the certificate in decimal form</p>
   </div>
@@ -3161,7 +3414,7 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>String</tt>)</span>
+        <span class='type'>(<tt>Integer</tt>)</span>
@@ -3175,15 +3428,15 @@ extension.</p>
       <pre class="lines">
-188
-189
-190</pre>
+83
+84
+85</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 188</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 83</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_cn'>subject_cn</span><span class='lparen'>(</span><span class='rparen'>)</span>
-    <span class='kw'>return</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_subject_component'>subject_component</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>CN</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_serial'>serial</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_serial'>serial</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3191,9 +3444,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_component-instance_method">
+  <h3 class="signature " id="signature_algorithm-instance_method">
-    - (<tt>String</tt>) <strong>subject_component</strong>(short_name)
+    - (<tt>String</tt>) <strong>signature_algorithm</strong>
@@ -3202,7 +3455,7 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns subject component</p>
+<p>Returns signature algorithm</p>
   </div>
@@ -3221,7 +3474,8 @@ extension.</p>
         &mdash;
         <div class='inline'>
-<p>value of the subject component requested</p>
+<p>value of the signature algorithm. E.g. sha1WithRSAEncryption,
+sha256WithRSAEncryption, md5WithRSAEncryption, et cetera</p>
 </div>
     </li>
@@ -3234,19 +3488,15 @@ extension.</p>
       <pre class="lines">
-195
-196
-197
-198
-199</pre>
+213
+214
+215</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 195</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 213</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_component'>subject_component</span> <span class='id identifier rubyid_short_name'>short_name</span>
-    <span class='id identifier rubyid_match'>match</span> <span class='op'>=</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_subject'>subject</span><span class='period'>.</span><span class='id identifier rubyid_to_a'>to_a</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_x'>x</span><span class='op'>|</span> <span class='id identifier rubyid_x'>x</span><span class='lbracket'>[</span><span class='int'>0</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='id identifier rubyid_short_name'>short_name</span> <span class='rbrace'>}</span>
-    <span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_match'>match</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_match'>match</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_signature_algorithm'>signature_algorithm</span>
+  <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_signature_algorithm'>signature_algorithm</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3254,18 +3504,24 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_key_identifier-instance_method">
+  <h3 class="signature " id="subject_alternative_name-instance_method">
-    - (<tt><span class='object_link'><a href="Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">R509::Cert::Extensions::SubjectKeyIdentifier</a></span></tt>) <strong>subject_key_identifier</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">R509::Cert::Extensions::SubjectAlternativeName</a></span></tt>) <strong>subject_alternative_name</strong>
+    <span class="aliases">Also known as:
+    <span class="names"><span id='san-instance_method'>san</span>, <span id='subject_alt_name-instance_method'>subject_alt_name</span></span>
+    </span>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Returns this object's SubjectKeyIdentifier extension as an R509 extension</p>
+<p>Returns this object's SubjectAlternativeName extension as an R509 extension</p>
+<p>if this cert does not have a SubjectAlternativeName extension.</p>
   </div>
@@ -3278,14 +3534,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">R509::Cert::Extensions::SubjectKeyIdentifier</a></span></tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/SubjectAlternativeName.html" title="R509::Cert::Extensions::SubjectAlternativeName (class)">R509::Cert::Extensions::SubjectAlternativeName</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>The object, or nil if this cert does not have a SubjectKeyIdentifier
-extension.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -3298,15 +3553,15 @@ extension.</p>
       <pre class="lines">
-361
-362
-363</pre>
+339
+340
+341</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 361</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 339</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_key_identifier'>subject_key_identifier</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_r509_extensions'>r509_extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectKeyIdentifier</span><span class='rbracket'>]</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_subject_alternative_name'>subject_alternative_name</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectAlternativeName</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3314,9 +3569,9 @@ extension.</p>
 </div>
       <div class="method_details ">
-  <h3 class="signature " id="subject_names-instance_method">
+  <h3 class="signature " id="subject_key_identifier-instance_method">
-    - (<tt>Array</tt>) <strong>subject_names</strong>
+    - (<tt><span class='object_link'><a href="Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">R509::Cert::Extensions::SubjectKeyIdentifier</a></span></tt>) <strong>subject_key_identifier</strong>
@@ -3325,7 +3580,9 @@ extension.</p>
 </h3><div class="docstring">
   <div class="discussion">
-<p>Return the CN, as well as all the subject alternative names (SANs).</p>
+<p>Returns this object's SubjectKeyIdentifier extension as an R509 extension</p>
+<p>if this cert does not have a SubjectKeyIdentifier extension.</p>
   </div>
@@ -3338,13 +3595,13 @@ extension.</p>
     <li>
-        <span class='type'>(<tt>Array</tt>)</span>
+        <span class='type'>(<tt><span class='object_link'><a href="Cert/Extensions/SubjectKeyIdentifier.html" title="R509::Cert::Extensions::SubjectKeyIdentifier (class)">R509::Cert::Extensions::SubjectKeyIdentifier</a></span></tt>)</span>
         &mdash;
         <div class='inline'>
-<p>the array of names. Returns an empty array if there are no names, at all.</p>
+<p>The object, or nil</p>
 </div>
     </li>
@@ -3357,23 +3614,15 @@ extension.</p>
       <pre class="lines">
-205
-206
-207
-208
-209
-210
-211</pre>
+323
+324
+325</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 205</span>
-<span class='kw'>def</span> <span class='id identifier rubyid_subject_names'>subject_names</span>
-    <span class='id identifier rubyid_ret'>ret</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
-    <span class='id identifier rubyid_ret'>ret</span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_subject_cn'>subject_cn</span> <span class='kw'>unless</span> <span class='id identifier rubyid_subject_cn'>subject_cn</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-    <span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_concat'>concat</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_san_names'>san_names</span> <span class='rparen'>)</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 323</span>
-    <span class='kw'>return</span> <span class='id identifier rubyid_ret'>ret</span><span class='period'>.</span><span class='id identifier rubyid_sort'>sort</span><span class='period'>.</span><span class='id identifier rubyid_uniq'>uniq</span>
+<span class='kw'>def</span> <span class='id identifier rubyid_subject_key_identifier'>subject_key_identifier</span>
+  <span class='kw'>return</span> <span class='id identifier rubyid_extensions'>extensions</span><span class='lbracket'>[</span><span class='const'>R509</span><span class='op'>::</span><span class='const'>Cert</span><span class='op'>::</span><span class='const'>Extensions</span><span class='op'>::</span><span class='const'>SubjectKeyIdentifier</span><span class='rbracket'>]</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3424,19 +3673,19 @@ extension.</p>
       <pre class="lines">
-72
-73
-74
-75
-76</pre>
+67
+68
+69
+70
+71</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 72</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 67</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_to_der'>to_der</span>
-    <span class='kw'>if</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='rparen'>)</span>
-        <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span>
-    <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='rparen'>)</span>
+    <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3491,19 +3740,19 @@ extension.</p>
       <pre class="lines">
-61
-62
-63
-64
-65</pre>
+56
+57
+58
+59
+60</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 61</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 56</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_to_pem'>to_pem</span>
-    <span class='kw'>if</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='rparen'>)</span>
-        <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_pem'>to_pem</span><span class='period'>.</span><span class='id identifier rubyid_chomp'>chomp</span>
-    <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>X509</span><span class='op'>::</span><span class='const'>Certificate</span><span class='rparen'>)</span>
+    <span class='kw'>return</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_pem'>to_pem</span><span class='period'>.</span><span class='id identifier rubyid_chomp'>chomp</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3555,15 +3804,15 @@ extensions that do not have R509 implementations.</p>
       <pre class="lines">
-325
-326
-327</pre>
+285
+286
+287</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 325</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 285</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_unknown_extensions'>unknown_extensions</span>
-    <span class='kw'>return</span> <span class='const'>Extensions</span><span class='period'>.</span><span class='id identifier rubyid_get_unknown_extensions'>get_unknown_extensions</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='rparen'>)</span>
+  <span class='kw'>return</span> <span class='const'>Extensions</span><span class='period'>.</span><span class='id identifier rubyid_get_unknown_extensions'>get_unknown_extensions</span><span class='lparen'>(</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_cert'>cert</span><span class='period'>.</span><span class='id identifier rubyid_extensions'>extensions</span> <span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3610,15 +3859,15 @@ times in the certificate.</p>
       <pre class="lines">
-140
-141
-142</pre>
+123
+124
+125</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 140</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 123</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_valid?'>valid?</span>
-    <span class='id identifier rubyid_valid_at?'>valid_at?</span><span class='lparen'>(</span><span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_valid_at?'>valid_at?</span><span class='lparen'>(</span><span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_now'>now</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3685,31 +3934,31 @@ the time provided</p>
       <pre class="lines">
-148
-149
-150
-151
-152
-153
-154
-155
-156
-157
-158</pre>
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 148</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 131</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_valid_at?'>valid_at?</span><span class='lparen'>(</span><span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
-    <span class='kw'>if</span> <span class='id identifier rubyid_time'>time</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Integer</span><span class='rparen'>)</span>
-        <span class='id identifier rubyid_time'>time</span> <span class='op'>=</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_at'>at</span><span class='lparen'>(</span><span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
-    <span class='kw'>end</span>
-    <span class='kw'>if</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_not_after'>not_after</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_not_before'>not_before</span> <span class='op'>&gt;</span> <span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
-        <span class='kw'>false</span>
-    <span class='kw'>else</span>
-        <span class='kw'>true</span>
-    <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='id identifier rubyid_time'>time</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>Integer</span><span class='rparen'>)</span>
+    <span class='id identifier rubyid_time'>time</span> <span class='op'>=</span> <span class='const'>Time</span><span class='period'>.</span><span class='id identifier rubyid_at'>at</span><span class='lparen'>(</span><span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
+  <span class='kw'>end</span>
+  <span class='kw'>if</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_not_after'>not_after</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='lparen'>(</span><span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_not_before'>not_before</span> <span class='op'>&gt;</span> <span class='id identifier rubyid_time'>time</span><span class='rparen'>)</span>
+    <span class='kw'>false</span>
+  <span class='kw'>else</span>
+    <span class='kw'>true</span>
+  <span class='kw'>end</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3763,15 +4012,15 @@ IO-like object.</p>
       <pre class="lines">
-266
-267
-268</pre>
+240
+241
+242</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 266</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 240</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_write_der'>write_der</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3825,15 +4074,15 @@ IO-like object.</p>
       <pre class="lines">
-259
-260
-261</pre>
+233
+234
+235</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 259</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 233</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_write_pem'>write_pem</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_pem'>to_pem</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='ivar'>@cert</span><span class='period'>.</span><span class='id identifier rubyid_to_pem'>to_pem</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3923,23 +4172,23 @@ IO-like object.</p>
       <pre class="lines">
-275
-276
-277
-278
-279
-280
-281</pre>
+249
+250
+251
+252
+253
+254
+255</pre>
     </td>
     <td>
-      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 275</span>
+      <pre class="code"><span class="info file"># File 'lib/r509/cert.rb', line 249</span>
 <span class='kw'>def</span> <span class='id identifier rubyid_write_pkcs12'>write_pkcs12</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span><span class='id identifier rubyid_password'>password</span><span class='comma'>,</span><span class='id identifier rubyid_friendly_name'>friendly_name</span><span class='op'>=</span><span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>r509 pkcs12</span><span class='tstring_end'>'</span></span><span class='rparen'>)</span>
-    <span class='kw'>if</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
-        <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Writing a PKCS12 requires both key and cert</span><span class='tstring_end'>&quot;</span></span>
-    <span class='kw'>end</span>
-    <span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='id identifier rubyid_password'>password</span><span class='comma'>,</span><span class='id identifier rubyid_friendly_name'>friendly_name</span><span class='comma'>,</span><span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span><span class='ivar'>@cert</span><span class='rparen'>)</span>
-    <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
+  <span class='kw'>if</span> <span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
+    <span class='id identifier rubyid_raise'>raise</span> <span class='const'>R509</span><span class='op'>::</span><span class='const'>R509Error</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Writing a PKCS12 requires both key and cert</span><span class='tstring_end'>&quot;</span></span>
+  <span class='kw'>end</span>
+  <span class='id identifier rubyid_pkcs12'>pkcs12</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>PKCS12</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='id identifier rubyid_password'>password</span><span class='comma'>,</span><span class='id identifier rubyid_friendly_name'>friendly_name</span><span class='comma'>,</span><span class='ivar'>@key</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span><span class='ivar'>@cert</span><span class='rparen'>)</span>
+  <span class='id identifier rubyid_write_data'>write_data</span><span class='lparen'>(</span><span class='id identifier rubyid_filename_or_io'>filename_or_io</span><span class='comma'>,</span> <span class='id identifier rubyid_pkcs12'>pkcs12</span><span class='period'>.</span><span class='id identifier rubyid_to_der'>to_der</span><span class='rparen'>)</span>
 <span class='kw'>end</span></pre>
     </td>
   </tr>
@@ -3951,9 +4200,9 @@ IO-like object.</p>
 </div>
     <div id="footer">
-  Generated on Thu Nov  8 14:19:26 2012 by
+  Generated on Tue Apr 16 10:49:56 2013 by
   <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
-  0.8.2.1 (ruby-1.9.3).
+  0.8.5 (ruby-1.9.3).
 </div>
   </body>