5

I need to filter incoming X509 certificates by issuer, and I am using Python's OpenSSL.crypto for this. However, I did not find how to create an X509Name object as a constant, which I need to compare with the value I get from cert.get_issuer().

rhoerbe
  • To phrase the question differently: is it safe to do string comparison on X509Name objects? I recall that in LDAP string-rendering on DNs can be implementation dependent in corner cases. – rhoerbe Nov 17 '15 at 21:24

1 Answer

1

The best thing I can think of for you to create a new X509Name is to use

name = crypto.X509Name(crypto.X509().get_subject()) 

and subsequently populate the attributes via

setattr(name, attr_name, attr_value)

However, for comparison alone, it is better to use the hash() builtin function of the class, which returns a hash for the whole name, or do a per-attribute comparison.

nettrino
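An issuer allow-list built the way the answer describes, as an added example that is not part of the original thread. The helper names (`make_name`, `sample_cert`, `issuer_allowed`, `issuer_allowed_strict`) and the DN values are constructed for illustration, and it assumes pyOpenSSL is installed. It shows that `==` on `X509Name` uses OpenSSL's canonical comparison (case-insensitive, order-sensitive), while comparing `der()` bytes is exact; the issuer name only means something once the certificate chain has been verified.

```python
from OpenSSL import crypto


def make_name(**attrs):
    """Build a standalone X509Name by copying an empty subject (the answer's approach).

    Keyword order is the RDN order, and RDN order matters when names are compared.
    """
    name = crypto.X509Name(crypto.X509().get_subject())
    for key, value in attrs.items():
        setattr(name, key, value)
    return name


def sample_cert(issuer_name):
    """Constructed, unsigned X509 object carrying only an issuer (sample input)."""
    cert = crypto.X509()
    cert.set_issuer(issuer_name)
    return cert


def issuer_allowed(cert, allowed_names):
    """Canonical match: X509Name.__eq__ wraps OpenSSL's X509_NAME_cmp."""
    issuer = cert.get_issuer()
    return any(issuer == name for name in allowed_names)


def issuer_allowed_strict(cert, allowed_names):
    """Exact match on the DER encoding of the issuer name."""
    issuer_der = cert.get_issuer().der()
    return any(issuer_der == name.der() for name in allowed_names)


# Constructed allow-list entry (hypothetical CA name).
ALLOWED = [make_name(C="US", O="Example Org", CN="Example Issuing CA")]

if __name__ == "__main__":
    candidates = {
        "same DN": make_name(C="US", O="Example Org", CN="Example Issuing CA"),
        "other CN": make_name(C="US", O="Example Org", CN="Other CA"),
        "reordered": make_name(CN="Example Issuing CA", O="Example Org", C="US"),
        "case differs": make_name(C="US", O="example org", CN="EXAMPLE ISSUING CA"),
    }
    for label, dn in candidates.items():
        cert = sample_cert(dn)
        print(label, issuer_allowed(cert, ALLOWED), issuer_allowed_strict(cert, ALLOWED))
```
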