Validates X.509 certificates and paths; forked from wbond/certvalidator
This library started as a fork of wbond/certvalidator with patches for pyHanko, but has since diverged considerably from its parent repository.
Bugs and questions regarding this library should be asked in the pyHanko repository rather than here.
pyhanko-certvalidator
is a Python library for validating X.509 certificates paths. It supports various
options, including: validation at a specific moment in time, whitelisting and revocation checks.
Starting with pyhanko-certvalidator
version 0.17.0
, the library has been refactored to use asynchronous I/O as much as possible. Most high-level API entrypoints can still be used synchronously, but have been deprecated in favour of their asyncio equivalents.
As part of this move, the OCSP and CRL clients now have two separate implementations: a requests
-based one, and an aiohttp
-based one. The latter is probably more performant, but requires more resource management efforts on the caller's part, which was impossible to implement without making major breaking changes to the public API that would make the migration path more complicated. Therefore, the requests
-based fetcher will remain the default for the time being.
pip install pyhanko-certvalidator
certvalidator is licensed under the terms of the MIT license. See the LICENSE file for the exact license text.
Tests are written using pytest
and require an asynchronous test case backend
such as pytest-asyncio
.
The test cases for the library are comprised of:
Existing releases can be found at https://pypi.org/project/pyhanko-certvalidator.