Searching for a usable X509 implementation

Johannes Bauer dfnsonfsduifb at
Mon Jul 6 21:24:59 CEST 2015

On 05.07.2015 07:33, Laura Creighton wrote:

> For an RSA key in PEM format you can do:
> from OpenSSL.crypto import _new_mem_buf, _lib, _bio_to_string
> def dump_rsa_public_key(pkey):
>     bio = _new_mem_buf()
>     result = _lib.PEM_write_bio_RSAPublicKey(bio, _lib.EVP_PKEY_get1_RSA(pkey._
> pkey))
>     # if result == 0: ERROR!  Figure out what you want to do here ...
>     return _bio_to_string(bio)

Oooooh, hacky :-)

> The original version of PyOpenSSL was written by Martin Sjögren, when
> he was working for me, and we had no need for such a thing at the time,
> since we just saved full certificates.  You are right that it is very
> odd that nobody else has needed them since then, and this probably
> should be added to PyOpenSSL.

Sadly my impression is that pyOpenSSL development is slow at best. I've
had an issue with it a while back and was missing some feature which
someone else had already suggested. It kindof was some back and forth in
their bugtracker and then all discussion died.

IIRC (and my memory may be wrong) it was about the ability to check
signatures of one certificate against a well-defined truststore
(especially against only one to identify parent certificates by crypto).
I was frustrated back then about the indecisiveness and wrote my own
wrapper around the functions I needed and was done with it.

Best regards,

>> Wo hattest Du das Beben nochmal GENAU vorhergesagt?
> Zumindest nicht öffentlich!
Ah, der neueste und bis heute genialste Streich unsere großen
Kosmologen: Die Geheim-Vorhersage.
 - Karl Kaos über Rüdiger Thomas in dsa <hidbv3$om2$1 at>

More information about the Python-list mailing list