Service Identity Verification for pyOpenSSL & cryptography

Use this package if:

• you want to verify that a PyCA cryptography certificate is valid for a certain hostname or IP address,
• or if you use pyOpenSSL and don’t want to be MITMed,
• or if you want to inspect certificates from either for service IDs.

service-identity aspires to give you all the tools you need for verifying whether a certificate is valid for the intended purposes. In the simplest case, this means host name verification. However, service-identity implements RFC 6125 fully.

Also check out pem that makes loading certificates from all kinds of PEM-encoded files a breeze!

Project Information

service-identity is released under the MIT license, its documentation lives at Read the Docs, the code on GitHub, and the latest release on PyPI.

Credits

service-identity is written and maintained by Hynek Schlawack.

The development is kindly supported by my employer Variomedia AG, service-identity's Tidelift subscribers, and all my amazing GitHub Sponsors.

service-identity for Enterprise

Available as part of the Tidelift Subscription.

The maintainers of service-identity and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open-source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.

Release Information

Added

• Python 3.13 is now officially supported. #74

Changed

• pyOpenSSL's identity extraction has been reimplemented using cryptography's primitives instead of deprecated pyOpenSSL APIs. As a result, the oldest supported pyOpenSSL version is now 17.1.0. #70

---

Complete Changelog →