Skip to content

tomrittervg/pyx509

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code
This branch is 4 commits ahead, 1 commit behind hiviah:master.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
X.509 Certificate Parser for Python

This is probably the most complete parser of X.509 certificates in python.

Requirements:
pyasn1 >= 0.1.4

Code is in alpha stage! Don't use for anything sensitive. I wrote it (based on
previous work of colleagues) since there is no comprehensive python parser for
X.509 certificates. Often python programmers had to parse openssl output.

Advantages:

- I find it less painful to use than parsing output of 'openssl x509'
- somewhat stricter in extension parsing compared to openssl

Disadvantages:

- it's slow compared to openssl (about 2.3x compared to RHEL's openssl-1.0-fips)
- currently not very strict in what string types in RDNs it accepts
- API is still rather ugly and has no documentation yet; code is nasty at some
  places (and there's some old dangling code like pkcs7/verifier.py)

Parsing utility:

There is testing utility that shows how to extract information from certificates
programatically. It can be run from command line:

    python pyx509/x509_parse.py path/to/certificate.der

Known bugs and quirks:

- name constraints don't distinguish among various GeneralName subtypes
- some extensions are not shown very nicely when put in string format
- not all extensions are supported
- string types accepted for various RDN subelements are rather too permissive
- RDN string conversion does not conform to RFC 4514
- badly formed extensions are ignored if not marked critical
  - easy to switch to more strict behavior
  - other clients do this as well; RFC 5280 specifies behavior for unknown
    elements in extensions in appendix B.1, but does not cover all cases (e.g.
    element exists, but with string type different from spec)

About

Parser of X.509 certificates

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%