verify-x509 is a minimalistic implementation of X.509 certificate validation logic. It is intended for use with applications and protocols that use X.509 PKI without TLS/SSL. Its features are:
- Certificate chain building to the Mozilla trust store
- Point-in-time validation of not-before/not-after constraints
- Plugin architecture for X.509 extension processing
- Offline operation (while OCSP responses and CRLs can be passed by the caller, verify-x509 makes no network calls)
verify-x509 implements elements of the following RFCs RFC 5280
pip install verify-x509
from verify_x509 import X509Verifier
...- Andrey Kislyuk
- Project home page (GitHub)
- Documentation
- Package distribution (PyPI)
- Change log
- IETF RFC 3161: Time-Stamp Protocol (TSP)
Please report bugs, issues, feature requests, etc. on GitHub.
Copyright 2022-2023, Andrey Kislyuk and verify-x509 contributors. Licensed under the terms of the Apache License, Version 2.0. Distribution of the LICENSE and NOTICE files with source copies of this package and derivative works is REQUIRED as specified by the Apache License.