wbond/certvalidator wbond/certvalidator

  • Stars
    star
    106
  • Rank 319,262 (Top 7 %)
  • Language
    Python
  • License
    MIT License
  • Created over 8 years ago
  • Updated 10 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
wbond/certvalidator
github

wbond

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Python library for validating X.509 certificates and paths

certvalidator

A Python library for validating X.509 certificates or paths. Supports various options, including: validation at a specific moment in time, whitelisting and revocation checks.

GitHub Actions CI CircleCI PyPI

Features

  • X.509 path building
  • X.509 basic path validation
    • Signatures
      • RSA, DSA and EC algorithms
    • Name chaining
    • Validity dates
    • Basic constraints extension
      • CA flag
      • Path length constraint
    • Key usage extension
    • Extended key usage extension
    • Certificate policies
      • Policy constraints
      • Policy mapping
      • Inhibit anyPolicy
    • Failure on unknown/unsupported critical extensions
  • TLS/SSL server validation
  • Whitelisting certificates
  • Blacklisting hash algorithms
  • Revocation checks
    • CRLs
      • Indirect CRLs
      • Delta CRLs
    • OCSP checks
      • Delegated OCSP responders
    • Disable, require or allow soft failures
    • Caching of CRLs/OCSP responses
  • CRL and OCSP HTTP clients
  • Point-in-time validation

Unsupported features:

  • Name constraints

Related Crypto Libraries

certvalidator is part of the modularcrypto family of Python packages:

Current Release

0.11.1 - changelog

Dependencies

  • asn1crypto
  • oscrypto
  • Python 2.6, 2.7, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9 or pypy

Installation

pip install certvalidator

License

certvalidator is licensed under the terms of the MIT license. See the LICENSE file for the exact license text.

Documentation

certvalidator documentation

Continuous Integration

Various combinations of platforms and versions of Python are tested via:

Testing

Tests are written using unittest and require no third-party packages.

Depending on what type of source is available for the package, the following commands can be used to run the test suite.

Git Repository

When working within a Git working copy, or an archive of the Git repository, the full test suite is run via:

python run.py tests

To run only some tests, pass a regular expression as a parameter to tests.

python run.py tests path

PyPi Source Distribution

When working within an extracted source distribution (aka .tar.gz) from PyPi, the full test suite is run via:

python setup.py test

Test Cases

The test cases for the library are comprised of:

Development

To install the package used for linting, execute:

pip install --user -r requires/lint

The following command will run the linter:

python run.py lint

Support for code coverage can be installed via:

pip install --user -r requires/coverage

Coverage is measured by running:

python run.py coverage

To install the packages requires to generate the API documentation, run:

pip install --user -r requires/api_docs

The documentation can then be generated by running:

python run.py api_docs

The following will run a test that connects to all (non-adult) sites in the Alexa top 1000 that respond on port 443:

python run.py stress_test

Once the script is complete, results that differ between the OS validation and the certvalidator validation will be listed for further debugging.

To change the version number of the package, run:

python run.py version {pep440_version}

To install the necessary packages for releasing a new version on PyPI, run:

pip install --user -r requires/release

Releases are created by:

  • Making a git tag in PEP 440 format

  • Running the command:

    python run.py release

Existing releases can be found at https://pypi.org/project/certvalidator.

CI Tasks

A task named deps exists to ensure a modern version of pip is installed, along with all necessary testing dependencies.

The ci task runs lint (if flake8 is avaiable for the version of Python) and coverage (or tests if coverage is not available for the version of Python). If the current directory is a clean git working copy, the coverage data is submitted to codecov.io.

python run.py deps
python run.py ci

More Repositories

1

package_control

The Sublime Text package manager
Python
4,755
star
2

package_control_channel

Default channel file for Package Control. Follow the directions at:
Python
1,242
star
3

sublime_terminal

Launch terminals from the current file or the root project folder
Python
596
star
4

sublime_alignment

Easy alignment of multiple selections and multi-line selections
Python
521
star
5

oscrypto

Compiler-free Python crypto library backed by the OS, supporting CPython and PyPy
Python
321
star
6

asn1crypto

Python ASN.1 library with a focus on performance and a pythonic API
Python
320
star
7

sublime_prefixr

A Sublime Text 2 plugin that runs CSS through the Prefixr API
Python
199
star
8

pybars3

Handlebars.js template support for Python 3 and 2
Python
175
star
9

packagecontrol.io

The Package Control website
Python
110
star
10

md5-js

A modification of Joseph Myers's high-preformance javascript md5 function that hashes unicode characters by first converting to UTF-8. http://jsperf.com/md5-shootout
JavaScript
98
star
11

vat_moss-python

A Python library for dealing with VAT MOSS and Norway VAT on digital services. Includes VAT ID validation, rate calculation based on place of supply, exchange rate and currency tools for invoices.
Python
65
star
12

mtmux

A script that uses tmux for multi-server administration with a tiling interface and synchronized keyboard input along the lines of terminator, clusterssh, multi-gnome-terminal, pconsole, etc.
Shell
51
star
13

vat-moss.js

A Javascript library for dealing with VAT MOSS and Norway VAT on digital services. Includes VAT ID checking, rate calculation based on place of supply, exchange rate and currency tools for invoices.
JavaScript
51
star
14

puremagic

A pure lua module for detecting the mime type of a file based on the contents - inspired by libmagic
Lua
38
star
15

certbuilder

Python library for generating and signing X.509 certificates
Python
34
star
16

ocspbuilder

Python library for generating OCSP requests and responses
Python
32
star
17

badtls.io

Keys, certificates, scripts and configuration for badtls.io
Python
27
star
18

sublime_tortoise

Keyboard shortcuts and menu entries to execute TortoiseSVN, TortoiseHg and TortoiseGit commands
Python
26
star
19

pi-github-runner

Docker config to easily enable arm and arm64 GitHub Actions via the self-hosted runner mechanism
Shell
24
star
20

pymeta3

A Python 3 compatible fork of https://launchpad.net/pymeta
Python
18
star
21

csrbuilder

Python library for generating certificate signing requests (CSRs)
Python
18
star
22

crc32-js-php

A javascript function and PHP snippet that produce identical crc32 checksums
JavaScript
17
star
23

crlbuilder

Python library for creating and signing certificate revocation lists (CRLs)
Python
16
star
24

swift-for-sublime

A modern Swift (5.6) syntax definition for Sublime Text 4
Swift
15
star
25

ChannelRepositoryTools

A Sublime Text package for working with channels and repositories
Python
11
star
26

sublime-sql-tmlanguage

A fork of the default SQL.tmLanguage with support for SQL Server data types and functions
9
star
27

shadow_password_crypt

A python script that generates sha512 password hashes suitable for use with useradd(8)
Python
5
star
28

wbond

4
star
29

SublimeSyntaxHTMLColorizer

Python
4
star
30

unittest_data

A pair of decorators to add data providers/test generators to unittest in Python 2.6, 2.7, 3.3 and 3.4
Python
3
star
31

subversion-cross-compile

Scripts to cross-compile Subversion 1.6, 1.7 and 1.8 from Linux/OS X to Windows
C
2
star
32

handlebars.py

MIT-licensed port of Handlebars.js to Python
Python
2
star
33

package_control-json

A repo to host repository and channel JSON files for testing Package Control
2
star
34

subversion

A fork of subversion that handle localization of dates on windows by only using numbers
C
2
star
35

gears-libsass

Python
1
star