verification: add missing max_chain_depth kwargs (pyca#9847)

Missed these on the original PR. Signed-off-by: William Woodruff <[email protected]>
trail-of-forks · Nov 9, 2023 · e7dbca6 · e7dbca6
1 parent 8caafd7
commit e7dbca6
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/docs/x509/verification.rst b/docs/x509/verification.rst
@@ -57,6 +57,12 @@ chain building, etc.
 
         The verifier's validation time.
 
+    .. attribute:: max_chain_depth
+
+        :type: :class:`int`
+
+        The verifier's maximum intermediate CA chain depth.
+
     .. attribute:: store
 
         :type: :class:`Store`

diff --git a/src/cryptography/x509/verification.py b/src/cryptography/x509/verification.py
@@ -38,7 +38,11 @@ def time(self, new_time: datetime.datetime) -> PolicyBuilder:
         if self._time is not None:
             raise ValueError("The validation time may only be set once.")
 
-        return PolicyBuilder(time=new_time, store=self._store)
+        return PolicyBuilder(
+            time=new_time,
+            store=self._store,
+            max_chain_depth=self._max_chain_depth,
+        )
 
     def store(self, new_store: Store) -> PolicyBuilder:
         """
@@ -48,7 +52,11 @@ def store(self, new_store: Store) -> PolicyBuilder:
         if self._store is not None:
             raise ValueError("The trust store may only be set once.")
 
-        return PolicyBuilder(time=self._time, store=new_store)
+        return PolicyBuilder(
+            time=self._time,
+            store=new_store,
+            max_chain_depth=self._max_chain_depth,
+        )
 
     def max_chain_depth(self, new_max_chain_depth: int) -> PolicyBuilder:
         """