You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible. If you are using pyOpenSSL for anything other than making a TLS connection you should move to cryptography and drop your pyOpenSSL dependency.
Validation is definitely not a trivial feature. pyOpenSSL doesn't really make it easy, but it is possible using X509Stores and the underlying OpenSSL semantics. cryptography does not currently support this, which makes certificate validation still something pyOpenSSL should be used for.
In the future cryptography may support this but implementing it (agnostic of OpenSSL and correctly) is a very real challenge (refs: #2381)
Validating a certificate, CA chain and private key are quite trivial in pyOpenSSL, but https://pypi.org/project/pyOpenSSL/ says:
Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible. If you are using pyOpenSSL for anything other than making a TLS connection you should move to cryptography and drop your pyOpenSSL dependency.
Perhaps, this trivial use case could be added to https://cryptography.io/en/latest/x509/tutorial/.
The text was updated successfully, but these errors were encountered: