forked from hiviah/pyx509
tomrittervg/pyx509
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
master
Could not load branches
Nothing to show
Could not load tags
Nothing to show
{{ refName }}
default
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code
-
Clone
Use Git or checkout with SVN using the web URL.
Work fast with our official CLI. Learn more about the CLI.
- Open with GitHub Desktop
- Download ZIP
Sign In Required
Please sign in to use Codespaces.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching GitHub Desktop
If nothing happens, download GitHub Desktop and try again.
Launching Xcode
If nothing happens, download Xcode and try again.
Launching Visual Studio Code
Your codespace will open once ready.
There was a problem preparing your codespace, please try again.
This branch is 4 commits ahead, 1 commit behind hiviah:master.
X.509 Certificate Parser for Python This is probably the most complete parser of X.509 certificates in python. Requirements: pyasn1 >= 0.1.4 Code is in alpha stage! Don't use for anything sensitive. I wrote it (based on previous work of colleagues) since there is no comprehensive python parser for X.509 certificates. Often python programmers had to parse openssl output. Advantages: - I find it less painful to use than parsing output of 'openssl x509' - somewhat stricter in extension parsing compared to openssl Disadvantages: - it's slow compared to openssl (about 2.3x compared to RHEL's openssl-1.0-fips) - currently not very strict in what string types in RDNs it accepts - API is still rather ugly and has no documentation yet; code is nasty at some places (and there's some old dangling code like pkcs7/verifier.py) Parsing utility: There is testing utility that shows how to extract information from certificates programatically. It can be run from command line: python pyx509/x509_parse.py path/to/certificate.der Known bugs and quirks: - name constraints don't distinguish among various GeneralName subtypes - some extensions are not shown very nicely when put in string format - not all extensions are supported - string types accepted for various RDN subelements are rather too permissive - RDN string conversion does not conform to RFC 4514 - badly formed extensions are ignored if not marked critical - easy to switch to more strict behavior - other clients do this as well; RFC 5280 specifies behavior for unknown elements in extensions in appendix B.1, but does not cover all cases (e.g. element exists, but with string type different from spec)
About
Parser of X.509 certificates
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- Python 100.0%