service_identity 17.0.0

Use this package if:

• you use pyOpenSSL and don’t want to be MITMed or
• if you want to verify that a PyCA cryptography certificate is valid for a certain hostname.

service_identity aspires to give you all the tools you need for verifying whether a certificate is valid for the intended purposes.

In the simplest case, this means host name verification. However, service_identity implements RFC 6125 fully and plans to add other relevant RFCs too.

service_identity’s documentation lives at Read the Docs, the code on GitHub.

Release Information

17.0.0 (2017-05-23)

Deprecations:

• Since Chrome 58 and Firefox 48 both don’t accept certificates that contain only a Common Name, its usage is hereby deprecated in service_identity too. We have been raising a warning since 16.0.0 and the support will be removed in mid-2018 for good.

Changes:

• When service_identity.SubjectAltNameWarning is raised, the Common Name of the certificate is now included in the warning message. #17
• Added cryptography.x509 backend for verifying certificates. #18
• Wildcards (*) are now only allowed if they are the leftmost label in a certificate. This is common practice by all major browsers. #19

Full changelog.

Authors

service_identity is written and maintained by Hynek Schlawack.

The development is kindly supported by Variomedia AG.

Other contributors can be found in GitHub’s overview.