Service Identity Verification for pyOpenSSL & cryptography

Release UNRELEASED (What’s new?)

Use this package if:

  • you want to verify that a PyCA cryptography certificate is valid for a certain hostname or IP address,

  • or if you use pyOpenSSL and don’t want to be MITMed,

  • or if you want to inspect certificates from either for service IDs.

service-identity aspires to give you all the tools you need for verifying whether a certificate is valid for the intended purposes. In the simplest case, this means host name verification. However, service-identity implements RFC 6125 fully.

Also check out pem that makes loading certificates from all kinds of PEM-encoded files a breeze!

User’s Guide

Indices and tables

service-identity for Enterprise

Available as part of the Tidelift Subscription.

The maintainers of service-identity and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.