Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add certificate, CA chain and private key validation to tutorial #6229

Closed
WilliamDEdwards opened this issue Aug 25, 2021 · 1 comment
Closed

Comments

@WilliamDEdwards
Copy link

Validating a certificate, CA chain and private key are quite trivial in pyOpenSSL, but https://pypi.org/project/pyOpenSSL/ says:

Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible. If you are using pyOpenSSL for anything other than making a TLS connection you should move to cryptography and drop your pyOpenSSL dependency.

Perhaps, this trivial use case could be added to https://cryptography.io/en/latest/x509/tutorial/.

@reaperhulk
Copy link
Member

Validation is definitely not a trivial feature. pyOpenSSL doesn't really make it easy, but it is possible using X509Stores and the underlying OpenSSL semantics. cryptography does not currently support this, which makes certificate validation still something pyOpenSSL should be used for.

In the future cryptography may support this but implementing it (agnostic of OpenSSL and correctly) is a very real challenge (refs: #2381)

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 25, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

No branches or pull requests

2 participants