Open vEpiphyte opened 7 months ago
cc: @woodruffw
Looks like there are two pieces you need here:
Both of these are tracked in https://github.com/pyca/cryptography/issues/10034
Figuring out CRLs is going to require some API design work on our part. It looks like your implementation relies on having pre-fetched the CRLs, and not loading them on-demand.
@alex Correct - I am assuming that CRLs are present ahead of time (and very much not assuming that it is the job of cryptography to retrieve them).
If these pieces are being correctly tracked in #10034 we can close this issue out to avoid duplication.
https://github.com/pyca/cryptography/pull/10345 adds verification without a subject.
CRL is the remaining piece here. We still need to figure out what we want to do in terms of API design there.
Hello!
I've been working on updating some code to utilize cryptography in favor of PyOpenSSL due to the API deprecation in the older project.
The only code that I cannot currently remove is related to the use of X509Store and X509StoreContext. That is utilized for doing certificate validation. For example:
I believe my use case aligns with https://github.com/pyca/cryptography/issues/10276 (doing code signing and/or user cert verification). Current docs for the verification APIs (https://cryptography.io/en/42.0.2/x509/verification/) don't seem to support setting CRLs or flag setting.
Is this type of use case in scope for work in https://github.com/pyca/cryptography/pull/10345?