Using OpenSSL I can check the validity of user X.509 certificates through the following command:

openssl verify -crl_check -CAfile $CRL_chain_path $PEM_path

with:

  • $CRL_chain_path: the path of a base64 file containing the trusted certificate chain and the CRL entries
  • $PEM_path: the path of my base64 certificate to be checked.

How could the same thing be achieved with Python3? So far I'm using the cryptography library. Unfortunately, according to this issue, the functionality is not yet included. Moreover, I would like to avoid bash command usage (subprocess, os, etc.).

This question only covers the chain of trust topic (which is unfortunately not enough). This one checks SSL/TLS sessions, which cannot be used in my context due to the fact that I focus on user PKI public keys.

Is there a simple way with Python to check the validity of X.509 certificates (date ok, chain of trust, no revocation, any other check performed by OpenSSL?, etc.)?

Antonin M.

0 Answers