[Cryptography-dev] help: pica cryptography get subjectAltNames

Carlos Garza carlos.garza at rackspace.com
Fri Jun 27 05:56:34 CEST 2014 

    I ended up just setting my asn1Spec to Classes in pyasn1_modules.rfc2459
in my decoder.decode invocations. Seems to work for me. The pyOpenSSL stuff seems
to have a way to grab the extensions as a list from an X509 but I would still have
to revert to pyasn1 to decode the general names etc so I figured just
use the pyasn1 module directly instead of mixing calls.

On Jun 26, 2014, at 8:03 PM, Glyph Lefkowitz <glyph at twistedmatrix.com>
 wrote:

> Does pyOpenSSL have this functionality built in?  My understanding is that it doesn't, which is why <https://pypi.python.org/pypi/service_identity> uses pyasn1 for ASN.1 extension parsing.  (By the way, you probably just want to use the service_identity module unless you're doing something truly unusual with SANs ;-)).
> 
> -glyph
> 
> On Jun 26, 2014, at 12:59 PM, Carlos Garza <carlos.garza at rackspace.com> wrote:
> 
>>   That works out great for me. I didn't know if I had time right now to add functionality
>> to the cryptography project but I have a deadline. My first choice was to use pyasn1 and I already
>> have written utile to extract the altNames but I'll consider PyOpenSSL as I'm more mature
>> by now then when I first used it back in the python 2.4 days.
>> 
>>    Paul let me know when and how I can contribute to the hazmat code. It looks like a wonderful
>> project that I want to contribute out side of my work obligations. I'm impressed by the mathematics
>> behind it. Please advise me on when and how I can contribute. 
>> 
>> On Jun 26, 2014, at 9:15 AM, Paul Kehrer <paul.l.kehrer at gmail.com> wrote:
>> 
>>> As lvh says, PyOpenSSL is the right tool for the job at this time. cryptography has no support for X509 parsing at a level above its C bindings. That will eventually change, but PyOpenSSL has tools for this right now.
>>> 
>>> 
>>> On June 26, 2014 at 8:05:47 AM, Laurens Van Houtven (_ at webseducer.com) wrote:
>>> 
>>>> Hi Carlos, 
>>>> 
>>>> 
>>>> This sounds like a job for PyOpenSSL, which uses Cryptography internally. I think it has support for what you need, but even if there’s a bit missing, it probably makes a lot of sense to add it to PyOpenSSL, particularly since we hope to be releasing 0.15 soon. 
>>>> 
>>>> 
>>>> hth 
>>>> lvh 
>>>> _______________________________________________ 
>>>> Cryptography-dev mailing list 
>>>> Cryptography-dev at python.org 
>>>> https://mail.python.org/mailman/listinfo/cryptography-dev 
>>> _______________________________________________
>>> Cryptography-dev mailing list
>>> Cryptography-dev at python.org
>>> https://mail.python.org/mailman/listinfo/cryptography-dev
>> 
>> _______________________________________________
>> Cryptography-dev mailing list
>> Cryptography-dev at python.org
>> https://mail.python.org/mailman/listinfo/cryptography-dev
> 
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev

More information about the Cryptography-dev mailing list