Service identity verification for pyOpenSSL & cryptography.
Use this package if:
service-identity aspires to give you all the tools you need for verifying whether a certificate is valid for the intended purposes. In the simplest case, this means host name verification. However, service-identity implements RFC 6125 fully.
service-identity is released under the MIT license, its documentation lives at Read the Docs, the code on GitHub, and the latest release on PyPI.
service-identity is written and maintained by Hynek Schlawack.
The development is kindly supported by my employer Variomedia AG, service-identity's Tidelift subscribers, and all my amazing GitHub Sponsors.
Available as part of the Tidelift Subscription.
The maintainers of service-identity and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.
commonName in certificates has been dropped.
It has been deprecated since 2017 and isn't supported by any major browser.pyopenssl backend) is now 17.0.0.
When using such an old pyOpenSSL version, you have to pin cryptography yourself to ensure compatibility between them.
Please check out contraints/oldest-pyopenssl.txt to verify what we are testing against.service_identity.(cryptography|pyopenssl).extract_ids(), please switch to the new names extract_patterns().
#56service_identity.(cryptography|pyopenssl).extract_patterns() are now public APIs (FKA extract_ids()).
You can use them to extract the patterns from a certificate without verifying anything.
#55