Replace PyOpenSSL use with `cryptography` library from pypa
library to use: https://pypi.org/project/cryptography/
The code itself uses PyOpenssl in two areas:
Validation a certificate is in PEM format here
Ensuring a certificate is unexpired here
Ensuring a client certificate is signed by the CA certificate here
Replacement calls in
load_pem_x509_certificate call expects a PEM encoded cert (not DNR) so we can test this provides validation at instantiation time.
We can probably manually check a valid certificate's usng the `Certificate.not_valid_after attribute against the current UTC time.
I do not see how to validate that a valid PEM certificate was signed by another valid PEM certificate.
Please register to edit this issue