danetrain
I'm thinking the API should expose pretty limited functionality. Basically I think the user will just initialize the validating object from a list of trusted certs and call a validate...
Here's a code sample of what I'm working on so far. The only user-facing methods are `verify_certificate_chain` and `verify_certificate_signature`. Note that the `verify_certificate_signature` method is only a stub for the...
@etrauschke: The decision to build a Validator class instead of adding additional functionality to the x509 object is that it presents a more convenient way for the user to...
@schlenk: "`cert_chain[0]` should be the root CA to use" is inconsistent with RFC 5280. Section 6.1 indicates that the first certificate should be **issued** by a trust anchor. These trust...
Thanks! Yeah I realized that this would also be an issue yesterday. Unless the `fingerprint()` method only hashes the `tbsCertificate` bytes then we have to do one of the following...