Service Identity Verification for pyOpenSSL & cryptography#

Release UNRELEASED (What’s new?)

Use this package if:

  • you want to verify that a PyCA cryptography certificate is valid for a certain hostname or IP address,

  • or if you use pyOpenSSL and don’t want to be MITMed,

  • or if you want to inspect certificates from either for service IDs.

service-identity aspires to give you all the tools you need for verifying whether a certificate is valid for the intended purposes. In the simplest case, this means host name verification. However, service-identity implements RFC 6125 fully.

Please also check out pem that makes loading certificates from all kinds of PEM-encoded files a breeze!

User’s Guide#

Project Information#

service-identity is released under the MIT license, its documentation lives at Read the Docs, the code on GitHub, and the latest release on PyPI.


service-identity is written and maintained by Hynek Schlawack.

The development is kindly supported by my employer Variomedia AG, service-identity’s Tidelift subscribers, and all my amazing GitHub Sponsors.

service-identity for Enterprise#

Available as part of the Tidelift Subscription.

The maintainers of service-identity and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

Indices and tables#