pyopenssl
pyopenssl copied to clipboard
pyca
A Python wrapper around the OpenSSL library
TL;DR: PR #859 CRL `get_revoked` emits either a `None` or a `Tuple` depending on whether there are revoked certificates. This makes for awkward syntax by the caller: ``` _revoked: Optional[Tuple[Any]]...
In multiple places in docs, the sign() functions are noted to take ``bytes`` objects as the digest. However, this does not work since in many places pyopenssl is doing .encode()...
This leak only happens if a CSR is generated with a 'req_extensions' section containing things like X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3...
My .p12 file contains two entries. I thought that my file as normal p12 file but the keytool shows it as PKCS#12 Keystore.  How can i read all two...
https://www.openssl.org/docs/manmaster/man3/d2i_SSL_SESSION.html If you want to support lower-latency handshakes upon reconnection and you have more than one TLS terminating process, you need to have an external session cache. Without wrapping these...
TLS 1.3 introduced post-handshake authentication for TLS client certs. The feature is required for e.g. HTTP servers that require TLS client cert authentication depending on HTTP method and/or path. *...
using (py)OpenSSL version 19.1.0 on my side 1. Within the `OpenSSL.crypto.X509Extension` class, a method like `.get_oid()` to return the raw OID for an extension that is returning the short name...
Hi, I am maintaining pytds package. I use pyopenssl to implement TLS connectivity. I got this error report from multiple users: https://github.com/denisenkom/pytds/issues/106. Here is the stack trace: ``` Traceback (most...
From the openssl 1.1.0f manual page for X509_NAME_PRINT_EX(3SSL) ``` NOTES The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character...
The correct method name should be `set_session_id_`**`context`**, since it is a wrapper around https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_session_id_context.html. Somewhat understandably the original implementation probably thought "context" was just a redundant-for-no-reason copy of "`CTX`", but...