Use this package if:
- you want to verify that a PyCA cryptography certificate is valid for a certain hostname or IP address,
- or if you use pyOpenSSL and don’t want to be MITMed,
- or if you want to inspect certificates from either for service IDs.
service-identity aspires to give you all the tools you need for verifying whether a certificate is valid for the intended purposes. In the simplest case, this means host name verification. However, service-identity implements RFC 6125 fully.
Also check out pem that makes loading certificates from all kinds of PEM-encoded files a breeze!
service-identity is released under the MIT license, its documentation lives at Read the Docs, the code on GitHub, and the latest release on PyPI.
service-identity is written and maintained by Hynek Schlawack.
The development is kindly supported by my employer Variomedia AG, service-identity's Tidelift subscribers, and all my amazing GitHub Sponsors.
Available as part of the Tidelift Subscription.
The maintainers of service-identity and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.