Konstantin Shemyak

CI step `pyca/check` has been stuck for two days 🤔

Now I think that it would be more appropriate to move this method under `x509.base.Certificate`? The method has nothing specific to OpenSSL and it will be equally well used by...

Force-push: implemented [suggestion to assert type](https://github.com/pyca/cryptography/pull/5950#discussion_r612036700).

Force-push: the new method is implemented completely under `x509`; no new code under `hazmat` anymore. To remind, the final goal of this work is to implement certificate validation (#2381). This...

Force-push: rebase on updated `main`.

^ rebase on updated `main`. @reaperhulk , @alex - what is your view on this approach? While this is only first step out of three, I believe it's also useful...

Branch updated on `main`. I'm 100% happy with making the method public and naming it in any way; the goal is to get the certificate validation :slightly_smiling_face:

@ronf Thank you for the deep comments! > Does this mean that the verify callback will be called sequentially on each certificate in a chain? If you are passing the...

@baloo What is the practice in the project - I'd love to cleanup the commits, "hide the sausage making" by squashing the review comments into their "parents", and force-push. This...

Branch force-pushed with the following changes: - Corrections suggested by @baloo squashed to their corresponding commits - With one exception: I'm not (yet?) silently calling the default certificate verification callback...