Skip to content

tangrambpm/pyx509

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits

pyx509

pyx509

 
 

.gitignore

.gitignore

 
 

CHANGES.txt

CHANGES.txt

 
 

LICENSE.txt

LICENSE.txt

 
 

MANIFEST.in

MANIFEST.in

 
 

README.txt

README.txt

 
 

setup.py

setup.py

 
 

Repository files navigation

pyx509: X.509 Certificate and PKCS7 Parser / Verifier for Python
################################################################

This is a fork of the original project:

    pyx509 - Python library for parsing X.509
    Copyright (C) 2009-2012  CZ.NIC, z.s.p.o. (http://www.nic.cz)

Work in progress!

Description
===========

This is probably the most complete parser of X.509 certificates in python.

Code is in alpha stage! Don't use for anything sensitive. I wrote it (based on
previous work of colleagues) since there is no comprehensive python parser for
X.509 certificates. Often python programmers had to parse openssl output.

Advantages
----------

* I find it less painful to use than parsing output of 'openssl x509'
  somewhat stricter in extension parsing compared to openssl

Disadvantages
-------------

* It's slow compared to openssl (about 2.3x compared to RHEL's openssl-1.0-fips)

* Currently not very strict in what string types in RDNs it accepts

* API is still rather ugly and has no documentation yet; code is nasty at some
  places (and there's some old dangling code like pkcs7/verifier.py)


Dependencies
============

* pyasn1 >= 0.1.7

License
=======

LGPL v2 or later.

See LICENSE.txt.


Known bugs and quirks
=====================

* Subject alternative name doesn't show all subtypes,
  but 'DNS', 'dirName' and 'email' are supported.

* Name constraints don't distinguish among various GeneralName subtypes

* Some extensions are not shown very nicely when put in string format

* Not all extensions are supported

* String types accepted for various RDN subelements are rather too permissive

* RDN string conversion does not conform to RFC 4514

* Badly formed extensions are ignored if not marked critical

  * easy to switch to more strict behavior

  * other clients do this as well; RFC 5280 specifies behavior for unknown
    elements in extensions in appendix B.1, but does not cover all cases (e.g.
    element exists, but with string type different from spec)

TODO
====

* Publish in Pypi

* Cleanup: This module has it's own pyasn1 models. Look if we can
  reuse the pyasn1_modules.rfc2459 X509 cert model.

* Cleanup: Currently, the signature verifier does not work.

About

Parser of X.509 certificates

Resources

Readme

License

View license
Activity
Custom properties

Stars

8 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%