Trail of Bits has collaborated with the Python Cryptographic Authority to create cryptography-x509-verification, a new implementation of the X.509 path validation algorithm in Rust. This implementation provides a fast, standards-compliant, and memory-safe alternative to OpenSSL’s X.509 APIs for certificate verification. The implementation is included in Cryptography’s 42.0.0 release series, allowing Python developers to use it immediately. Additionally, Trail of Bits has developed x509-limbo, a test suite for evaluating the conformity and behavior of different X.509 path validation implementations. The implementation of X.509 path validation is crucial for ensuring security and availability in the Python ecosystem and the internet as a whole.
https://blog.trailofbits.com/2024/01/25/we-build-x-509-chains-so-you-dont-have-to/