For #17134 I need a decent way to map OIDs to human readable strings and vice versa. OpenSSL has a couple of method for the task, e.g. http://www.openssl.org/docs/crypto/OBJ_nid2obj.html

The patch implements three ways to lookup NID, SN, LN and OID: by OpenSSL's internal numeric id (NID), by OID or by name:

>>> ssl.txt2obj("MD5", name=True)
ASN1Object(nid=4, shortname='MD5', longname='md5', oid='1.2.840.113549.2.5')
>>> ssl.txt2obj("clientAuth", name=True)
ASN1Object(nid=130, shortname='clientAuth', longname='TLS Web Client Authentication', oid='1.3.6.1.5.5.7.3.2')
>>> ssl.txt2obj("1.3.6.1.5.5.7.3.1")
ASN1Object(nid=129, shortname='serverAuth', longname='TLS Web Server Authentication', oid='1.3.6.1.5.5.7.3.1')

Thanks for the feed back! The new patch implements a class with two additional class methods. The low level functions are no longer part of the public API.

Does anybody want to do a review of the patch?

If it's for #17134, couldn't it remain a private API?

I'm rather uncomfortable about exposing such things unless we make the ssl module a full-fledged toolbox to handle X509 certificates (and perhaps think a bit more about the APIs). Are there any common use cases?

OK, let's keep it as private API for now and maybe make it public in 3.5. I'm going to rename ASN1Object to _ASN1Object, remove the docs and adjust the tests. Agreed?

> OK, let's keep it as private API for now and maybe make it public in
> 3.5. I'm going to rename ASN1Object to _ASN1Object, remove the docs
> and adjust the tests. Agreed?

Yup.

New changeset f43f65038e2a by Christian Heimes in branch 'default':
Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name.
http://hg.python.org/cpython/rev/f43f65038e2a

Thanks!

New changeset 7d914d4b05fe by Christian Heimes in branch 'default':
Issue #19448: report name / NID in exception message of ASN1Object
http://hg.python.org/cpython/rev/7d914d4b05fe