Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
X.509 Certificate Parser for Python This is probably the most complete parser of X.509 certificates in python. Requirements: pyasn1 >= 0.1.4 Code is in alpha stage! Don't use for anything sensitive. I wrote it (based on previous work of colleagues) since there is no comprehensive python parser for X.509 certificates. Often python programmers had to parse openssl output. Advantages: - I find it less painful to use than parsing output of 'openssl x509' - somewhat stricter in extension parsing compared to openssl Disadvantages: - it's slow compared to openssl (about 2.3x compared to RHEL's openssl-1.0-fips) - currently not very strict in what string types in RDNs it accepts - API is still rather ugly and has no documentation yet; code is nasty at some places (and there's some old dangling code like pkcs7/verifier.py) Parsing utility: There is testing utility that shows how to extract information from certificates programatically. It can be run from command line: python pyx509/x509_parse.py path/to/certificate.der Known bugs and quirks: - name constraints don't distinguish among various GeneralName subtypes - some extensions are not shown very nicely when put in string format - not all extensions are supported - string types accepted for various RDN subelements are rather too permissive - RDN string conversion does not conform to RFC 4514 - badly formed extensions are ignored if not marked critical - easy to switch to more strict behavior - other clients do this as well; RFC 5280 specifies behavior for unknown elements in extensions in appendix B.1, but does not cover all cases (e.g. element exists, but with string type different from spec)