pyopenssl
pyopenssl copied to clipboard
pyca
A Python wrapper around the OpenSSL library
I'n trying to set up a system to generate and check certificates using pyopenssl. In my test suite I am generating certificates, with all sorts of faults. When I generate...
In regards to [CRL verify context ](https://github.com/pyca/pyopenssl/pull/483), does this verification method support [indirect CRL issuers](https://books.google.ca/books?id=ERSfUmmthMYC&pg=PT153&lpg=PT153&dq=indirect+CRL+issuers&source=bl&ots=nrzsLQniQh&sig=E6f1aH8x60sqbLWaPTh5OG0PNKo&hl=en&sa=X&ved=0ahUKEwi8vLag2ofOAhXmxYMKHQCsCBsQ6AEITTAH#v=onepage&q=indirect%20CRL%20issuers&f=false)?
Currently, PKCS#7 support in pyOpenSSL appears to be limited to retrieving metadata for a subset of fields, e.g whether it is signed, enveloped, or etc. However, there is no support...
The docs for `shutdown` say: ``` :return: True if the shutdown completed successfully (i.e. both sides have sent closure alerts), false otherwise (i.e. you have to wait for a ZeroReturnError...
Hi, openssl provides an API to add custom extensions on ClientHello/ServerHello messages through SSL_CTX_add_server_custom_ext / SSL_CTX_add_client_custom_ext ( https://www.openssl.org/docs/ssl/SSL_CTX_add_server_custom_ext.html ). Is there a way to do something like this with pyopenssl?
When executing this code (http://hastebin.com/arinusefex.py) on "twitter.com" (which only displays basic informations and X509 extensions of the certificate), it raises an exception on the last extension, which oid is :...
I have this code: ``` challenge = b("THis is challenge") digest = "sha1" pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, PRIVKEY) cert = crypto.load_certificate(crypto.FILETYPE_PEM, SELFCERT) signature = crypto.sign(pkey, challenge, digest) crypto.verify(cert, signature, challenge, digest)...
The pyopenssl API for CRLs is kind of weird. Case 1: crl.get_revoked() returns None for empty CRLs The natural use case for this is to iterate over the revoked objects...
The TLS specification defines the `close_notify` alert [“in order to avoid a truncation attack”](http://tools.ietf.org/html/rfc5246#section-7.2.1). This is to say, if you have a protocol which says something like ``` sql DELETE...
Hi there, I tried to hunt down https://github.com/mitmproxy/mitmproxy/issues/472 today and encountered a strange pyOpenSSL bug. If the server 1. requests renegotiation (`Hello Request`), 2. (unsuccessfully) asks for a client certificate...
