AIA - Authority Information Access chaser

raw JSON →
0.2.0 verified Mon Apr 27 auth: no python

AIA is a Python library for chasing Authority Information Access (AIA) extensions in TLS certificate chains, building and verifying certificate paths using OpenSSL. Current version is 0.2.0, with an unknown release cadence (appears sporadically maintained).

pip install aia

Common errors

error ImportError: No module named 'aia'
cause The library is not installed or installed in a different environment.
fix
Run 'pip install aia' and ensure you are using the correct Python interpreter.
error OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
cause The AIA URL returns a certificate that cannot be verified, or the root store is missing.
fix
Provide a proper X509Store object with trusted roots: from OpenSSL.crypto import X509Store, X509StoreContext; store = X509Store(); ...
error TypeError: initial_value must be str or None, not bytes
cause Passing a bytes certificate to OpenSSL's load_certificate instead of a string.
fix
Decode bytes to string: cert_pem = open('cert.pem', 'rb').read().decode('utf-8')

Warnings

breaking The library is pre-1.0 and may have breaking changes between minor versions. The API surface is small but not stable.
fix Pin dependency to exact version: aia==0.2.0
gotcha Requires OpenSSL installed on the system (libssl-dev on Debian). Fails silently if OpenSSL not found.
fix Install OpenSSL development headers: apt-get install libssl-dev
gotcha The 'chase' function may hang or timeout if the AIA URL is unreachable or slow. No default timeout.
fix Wrap call with timeout or run in a separate thread with timeout.

Imports

Quickstart

Load a PEM certificate and chase its AIA extension to build the issuer chain.

from aia import chase
from OpenSSL import crypto

cert = crypto.load_certificate(crypto.FILETYPE_PEM, open('cert.pem').read())
chain = chase(cert, store=None)
print('Chain length:', len(chain))
last verified Mon Apr 27
next check Sun Jul 26