%global _empty_manifest_terminate_build 0 Name: python-pyhanko-certvalidator Version: 0.22.0 Release: 1 Summary: Validates X.509 certificates and paths; forked from wbond/certvalidator License: MIT URL: https://github.com/MatthiasValvekens/certvalidator Source0: https://mirrors.nju.edu.cn/pypi/web/packages/3d/ef/1cf2e23b9ce29ccd2664abeb87ca2138e9650bbf15eeb20ad811671b1bc9/pyhanko-certvalidator-0.22.0.tar.gz BuildArch: noarch Requires: python3-asn1crypto Requires: python3-oscrypto Requires: python3-cryptography Requires: python3-uritools Requires: python3-requests Requires: python3-aiohttp Requires: python3-types-requests Requires: python3-pyhanko-certvalidator[testing] Requires: python3-pytest Requires: python3-pytest-cov Requires: python3-freezegun Requires: python3-aiohttp Requires: python3-pytest-aiohttp Requires: python3-pyhanko-certvalidator[async-http] %description # certvalidator This library started as a fork of [wbond/certvalidator](https://github.com/wbond/certvalidator) with patches for [pyHanko](https://github.com/MatthiasValvekens/pyHanko), but has since diverged considerably from its parent repository. Bugs and questions regarding this library should be asked in the [pyHanko repository](https://github.com/MatthiasValvekens/pyHanko/discussions) rather than here. `pyhanko-certvalidator` is a Python library for validating X.509 certificates paths. It supports various options, including: validation at a specific moment in time, whitelisting and revocation checks. - [Features](#features) - [Current Release](#current-release) - [Installation](#installation) - [License](#license) - [Documentation](#documentation) - [Continuous Integration](#continuous-integration) - [Testing](#testing) ## Features - X.509 path building - X.509 basic path validation - Signatures - RSA (including PSS padding), DSA, ECDSA and EdDSA algorithms. - Name chaining - Validity dates - Basic constraints extension - CA flag - Path length constraint - Key usage extension - Extended key usage extension - Certificate policies - Policy constraints - Policy mapping - Inhibit anyPolicy - Failure on unknown/unsupported critical extensions - TLS/SSL server validation - Whitelisting certificates - Blacklisting hash algorithms - Revocation checks - CRLs - Indirect CRLs - Delta CRLs - OCSP checks - Delegated OCSP responders - Disable, require or allow soft failures - Caching of CRLs/OCSP responses - CRL and OCSP HTTP clients - Point-in-time validation - Name constraints - Attribute certificate support ## Current Release ![pypi](https://img.shields.io/pypi/v/pyhanko-certvalidator.svg) - [changelog](changelog.md) ## Dependencies - *asn1crypto* - *cryptography* - *uritools* - *oscrypto* - *requests* or *aiohttp* (use the latter for more efficient asyncio, requires resource management) - Python 3.7, 3.8, 3.9 or 3.10 ### Note on compatibility Starting with `pyhanko-certvalidator` version `0.17.0`, the library has been refactored to use asynchronous I/O as much as possible. Most high-level API entrypoints can still be used synchronously, but have been deprecated in favour of their asyncio equivalents. As part of this move, the OCSP and CRL clients now have two separate implementations: a `requests`-based one, and an `aiohttp`-based one. The latter is probably more performant, but requires more resource management efforts on the caller's part, which was impossible to implement without making major breaking changes to the public API that would make the migration path more complicated. Therefore, the `requests`-based fetcher will remain the default for the time being. ## Installation ```bash pip install pyhanko-certvalidator ``` ## License *certvalidator* is licensed under the terms of the MIT license. See the [LICENSE](LICENSE) file for the exact license text. ## Documentation [*certvalidator* documentation](docs/readme.md) ## Continuous Integration Various combinations of platforms and versions of Python are tested via: - [GitHub Actions](https://github.com/MatthiasValvekens/certvalidator/actions) ## Testing ### Test framework Tests are written using `pytest` and require an asynchronous test case backend such as `pytest-asyncio`. ### Test cases The test cases for the library are comprised of: - [Public Key Interoperability Test Suite from NIST](http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html) - [OCSP tests from OpenSSL](https://github.com/openssl/openssl/blob/master/test/recipes/80-test_ocsp.t) - Various certificates generated for TLS certificate validation Existing releases can be found at https://pypi.org/project/pyhanko-certvalidator. %package -n python3-pyhanko-certvalidator Summary: Validates X.509 certificates and paths; forked from wbond/certvalidator Provides: python-pyhanko-certvalidator BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-pyhanko-certvalidator # certvalidator This library started as a fork of [wbond/certvalidator](https://github.com/wbond/certvalidator) with patches for [pyHanko](https://github.com/MatthiasValvekens/pyHanko), but has since diverged considerably from its parent repository. Bugs and questions regarding this library should be asked in the [pyHanko repository](https://github.com/MatthiasValvekens/pyHanko/discussions) rather than here. `pyhanko-certvalidator` is a Python library for validating X.509 certificates paths. It supports various options, including: validation at a specific moment in time, whitelisting and revocation checks. - [Features](#features) - [Current Release](#current-release) - [Installation](#installation) - [License](#license) - [Documentation](#documentation) - [Continuous Integration](#continuous-integration) - [Testing](#testing) ## Features - X.509 path building - X.509 basic path validation - Signatures - RSA (including PSS padding), DSA, ECDSA and EdDSA algorithms. - Name chaining - Validity dates - Basic constraints extension - CA flag - Path length constraint - Key usage extension - Extended key usage extension - Certificate policies - Policy constraints - Policy mapping - Inhibit anyPolicy - Failure on unknown/unsupported critical extensions - TLS/SSL server validation - Whitelisting certificates - Blacklisting hash algorithms - Revocation checks - CRLs - Indirect CRLs - Delta CRLs - OCSP checks - Delegated OCSP responders - Disable, require or allow soft failures - Caching of CRLs/OCSP responses - CRL and OCSP HTTP clients - Point-in-time validation - Name constraints - Attribute certificate support ## Current Release ![pypi](https://img.shields.io/pypi/v/pyhanko-certvalidator.svg) - [changelog](changelog.md) ## Dependencies - *asn1crypto* - *cryptography* - *uritools* - *oscrypto* - *requests* or *aiohttp* (use the latter for more efficient asyncio, requires resource management) - Python 3.7, 3.8, 3.9 or 3.10 ### Note on compatibility Starting with `pyhanko-certvalidator` version `0.17.0`, the library has been refactored to use asynchronous I/O as much as possible. Most high-level API entrypoints can still be used synchronously, but have been deprecated in favour of their asyncio equivalents. As part of this move, the OCSP and CRL clients now have two separate implementations: a `requests`-based one, and an `aiohttp`-based one. The latter is probably more performant, but requires more resource management efforts on the caller's part, which was impossible to implement without making major breaking changes to the public API that would make the migration path more complicated. Therefore, the `requests`-based fetcher will remain the default for the time being. ## Installation ```bash pip install pyhanko-certvalidator ``` ## License *certvalidator* is licensed under the terms of the MIT license. See the [LICENSE](LICENSE) file for the exact license text. ## Documentation [*certvalidator* documentation](docs/readme.md) ## Continuous Integration Various combinations of platforms and versions of Python are tested via: - [GitHub Actions](https://github.com/MatthiasValvekens/certvalidator/actions) ## Testing ### Test framework Tests are written using `pytest` and require an asynchronous test case backend such as `pytest-asyncio`. ### Test cases The test cases for the library are comprised of: - [Public Key Interoperability Test Suite from NIST](http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html) - [OCSP tests from OpenSSL](https://github.com/openssl/openssl/blob/master/test/recipes/80-test_ocsp.t) - Various certificates generated for TLS certificate validation Existing releases can be found at https://pypi.org/project/pyhanko-certvalidator. %package help Summary: Development documents and examples for pyhanko-certvalidator Provides: python3-pyhanko-certvalidator-doc %description help # certvalidator This library started as a fork of [wbond/certvalidator](https://github.com/wbond/certvalidator) with patches for [pyHanko](https://github.com/MatthiasValvekens/pyHanko), but has since diverged considerably from its parent repository. Bugs and questions regarding this library should be asked in the [pyHanko repository](https://github.com/MatthiasValvekens/pyHanko/discussions) rather than here. `pyhanko-certvalidator` is a Python library for validating X.509 certificates paths. It supports various options, including: validation at a specific moment in time, whitelisting and revocation checks. - [Features](#features) - [Current Release](#current-release) - [Installation](#installation) - [License](#license) - [Documentation](#documentation) - [Continuous Integration](#continuous-integration) - [Testing](#testing) ## Features - X.509 path building - X.509 basic path validation - Signatures - RSA (including PSS padding), DSA, ECDSA and EdDSA algorithms. - Name chaining - Validity dates - Basic constraints extension - CA flag - Path length constraint - Key usage extension - Extended key usage extension - Certificate policies - Policy constraints - Policy mapping - Inhibit anyPolicy - Failure on unknown/unsupported critical extensions - TLS/SSL server validation - Whitelisting certificates - Blacklisting hash algorithms - Revocation checks - CRLs - Indirect CRLs - Delta CRLs - OCSP checks - Delegated OCSP responders - Disable, require or allow soft failures - Caching of CRLs/OCSP responses - CRL and OCSP HTTP clients - Point-in-time validation - Name constraints - Attribute certificate support ## Current Release ![pypi](https://img.shields.io/pypi/v/pyhanko-certvalidator.svg) - [changelog](changelog.md) ## Dependencies - *asn1crypto* - *cryptography* - *uritools* - *oscrypto* - *requests* or *aiohttp* (use the latter for more efficient asyncio, requires resource management) - Python 3.7, 3.8, 3.9 or 3.10 ### Note on compatibility Starting with `pyhanko-certvalidator` version `0.17.0`, the library has been refactored to use asynchronous I/O as much as possible. Most high-level API entrypoints can still be used synchronously, but have been deprecated in favour of their asyncio equivalents. As part of this move, the OCSP and CRL clients now have two separate implementations: a `requests`-based one, and an `aiohttp`-based one. The latter is probably more performant, but requires more resource management efforts on the caller's part, which was impossible to implement without making major breaking changes to the public API that would make the migration path more complicated. Therefore, the `requests`-based fetcher will remain the default for the time being. ## Installation ```bash pip install pyhanko-certvalidator ``` ## License *certvalidator* is licensed under the terms of the MIT license. See the [LICENSE](LICENSE) file for the exact license text. ## Documentation [*certvalidator* documentation](docs/readme.md) ## Continuous Integration Various combinations of platforms and versions of Python are tested via: - [GitHub Actions](https://github.com/MatthiasValvekens/certvalidator/actions) ## Testing ### Test framework Tests are written using `pytest` and require an asynchronous test case backend such as `pytest-asyncio`. ### Test cases The test cases for the library are comprised of: - [Public Key Interoperability Test Suite from NIST](http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html) - [OCSP tests from OpenSSL](https://github.com/openssl/openssl/blob/master/test/recipes/80-test_ocsp.t) - Various certificates generated for TLS certificate validation Existing releases can be found at https://pypi.org/project/pyhanko-certvalidator. %prep %autosetup -n pyhanko-certvalidator-0.22.0 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-pyhanko-certvalidator -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Wed May 10 2023 Python_Bot - 0.22.0-1 - Package Spec generated