Project: service-identity

Service identity verification for pyOpenSSL & cryptography.

Project Details

Latest version
23.1.0
Home Page
PyPI Page
https://pypi.org/project/service-identity/

Project Popularity

PageRank
0.006692981671544341
Number of downloads
2420028

Service Identity Verification for pyOpenSSL & cryptography

Use this package if:

  • you want to verify that a PyCA cryptography certificate is valid for a certain hostname or IP address,
  • or if you use pyOpenSSL and don’t want to be MITMed,
  • or if you want to inspect certificates from either for service IDs.

service-identity aspires to give you all the tools you need for verifying whether a certificate is valid for the intended purposes. In the simplest case, this means host name verification. However, service-identity implements RFC 6125 fully.

Project Information

service-identity is released under the MIT license, its documentation lives at Read the Docs, the code on GitHub, and the latest release on PyPI.

Credits

service-identity is written and maintained by Hynek Schlawack.

The development is kindly supported by my employer Variomedia AG, service-identity's Tidelift subscribers, and all my amazing GitHub Sponsors.

service-identity for Enterprise

Available as part of the Tidelift Subscription.

The maintainers of service-identity and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

Release Information

Removed

  • All Python versions up to and including 3.7 have been dropped.
  • Support for commonName in certificates has been dropped. It has been deprecated since 2017 and isn't supported by any major browser.
  • The oldest supported pyOpenSSL version (when using the pyopenssl backend) is now 17.0.0. When using such an old pyOpenSSL version, you have to pin cryptography yourself to ensure compatibility between them. Please check out contraints/oldest-pyopenssl.txt to verify what we are testing against.

Deprecated

  • If you've used service_identity.(cryptography|pyopenssl).extract_ids(), please switch to the new names extract_patterns(). #56

Added

  • service_identity.(cryptography|pyopenssl).extract_patterns() are now public APIs (FKA extract_ids()). You can use them to extract the patterns from a certificate without verifying anything. #55
  • service-identity is now fully typed. #57

→ Complete Changelog