certvalidator Documentation

certvalidator is a Python library for validating X.509 certificates and paths.

The documentation consists of the following topics:

Implementation Details

certvalidator implements the following algorithms:

Supported features include:

  • X.509 path building
  • X.509 basic path validation
    • Signatures
      • RSA, DSA and EC algorithms
    • Name chaining
    • Validity dates
    • Basic constraints extension
      • CA flag
      • Path length constraint
    • Key usage extension
    • Extended key usage extension
    • Certificate policies
      • Policy constraints
      • Policy mapping
      • Inhibit anyPolicy
    • Failure on unknown/unsupported critical extensions
  • TLS/SSL server validation
  • Whitelisting certificates
  • Blacklisting hash algorithms
  • Revocation checks
    • CRLs
      • Indirect CRLs
      • Delta CRLs
    • OCSP checks
      • Delegated OCSP responders
    • Disable, require or allow soft failures
    • Caching of CRLs/OCSP responses
  • CRL and OCSP HTTP clients
  • Point-in-time validation

Currently unsupported features:

  • Name constraints

Testing is performed using: