Konstantin Shemyak

@jvanasco I have not updated the branch since long time, but it is supposed to do exactly what you expect: > For example, if a certificate chain is: > >...

> Pet peeve: The term "certificate chain" is an oversimplification and only applies in the most trivial case. Path building is much more complicated and messy. For Let's Encrypt uses...

The branch is rebased on top of (also rebased and updated) #5116 . The latter is valuable by itself (not only as a prerequisite for this PR). In fact yet...

> One more issue - the method name is_issued_by() seem not match the implementation. From name I would expect boolean function instead, without verify: ``` def is_issued_by(self, issuer_candiate): return issuer_candidate.subject...

> I see from other branch that you have `Certificate.verify()` method there, which does full-cert-store validation. That seems to be mistake - initial cert-store implementation can be simple but the...

Branch force-pushed with suggestion by @markokr : along with the initially implemented `leaf_cert.is_issued_by(ca_cert)`, the mirroring `ca_cert.is_issuer_of(leaf_cert)` is added. Previous branch point saved as [is_issued_by-v2](https://github.com/KonstantinShemyak/cryptography/tree/is_issued_by-v2) for reference.

An "unintended" force-push: forgot to add the corresponding abstract method of the `Certificate` class.

Closing was a mistake, re-opening

Now we have two PRs adding the same functionality: this one and #5367 . The latter adds one more OpenSSL hook, this PR is Python-only. #5367 follows behavior of `X509_check_issued()`,...

Here is a screenshot of the rendered updates to the documentation.