{"library":"ocspbuilder","title":"OCSP Builder (ocspbuilder)","description":"ocspbuilder is a Python library designed to simplify the creation and signing of Online Certificate Status Protocol (OCSP) requests and responses for X.509 certificates. It acts as a higher-level abstraction over the `cryptography` library, focusing on the builder pattern for OCSP structures. The current stable version is 0.10.2. While not updated frequently, it provides stable functionality for OCSP operations.","language":"python","status":"active","last_verified":"Fri May 15","install":{"commands":["pip install ocspbuilder"],"cli":null},"imports":["from ocspbuilder import OCSPRequestBuilder","from ocspbuilder import OCSPResponseBuilder","from ocspbuilder.extension import Nonce"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import datetime\nfrom cryptography import x509\nfrom cryptography.hazmat.backends import default_backend\nfrom cryptography.hazmat.primitives import hashes, serialization\nfrom cryptography.hazmat.primitives.asymmetric import rsa\n\nfrom ocspbuilder import OCSPRequestBuilder, OCSPResponseBuilder\nfrom ocspbuilder.extension import Nonce\n\n# --- 1. Generate dummy certificates for a runnable example ---\n# In a real scenario, you would load these from files/database.\n\n# CA Key and Cert\nca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())\nca_subject = x509.Name([x509.NameAttribute(x509.NameOID.COMMON_NAME, u\"OCSP Test CA\")])\nca_cert = (\n x509.CertificateBuilder()\n .subject_name(ca_subject)\n .issuer_name(ca_subject)\n .public_key(ca_key.public_key())\n .serial_number(x509.random_serial_number())\n .not_valid_before(datetime.datetime.utcnow())\n .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=365))\n .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)\n .sign(ca_key, hashes.SHA256(), default_backend())\n)\n\n# Issued Cert Key and Cert (signed by CA)\nissued_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())\nissued_subject = x509.Name([x509.NameAttribute(x509.NameOID.COMMON_NAME, u\"OCSP Test Cert\")])\nissued_cert = (\n x509.CertificateBuilder()\n .subject_name(issued_subject)\n .issuer_name(ca_subject) # Signed by CA\n .public_key(issued_key.public_key())\n .serial_number(x509.random_serial_number())\n .not_valid_before(datetime.datetime.utcnow())\n .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=365))\n .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)\n .sign(ca_key, hashes.SHA256(), default_backend())\n)\n\n# --- 2. Build an OCSP Request ---\nrequest_builder = OCSPRequestBuilder()\nrequest_builder = request_builder.add_cert(issued_cert, ca_cert) # Cert to check, and its issuer\nrequest_builder = request_builder.add_extension(Nonce.build()) # Add a common extension\n\nocsp_request = request_builder.build()\n\nprint(\"OCSP Request built successfully.\")\nprint(f\"Request bytes length: {len(ocsp_request.public_bytes(encoding=serialization.Encoding.DER))}\")\n\n# --- 3. Build an OCSP Response (e.g., 'good' status) ---\n# The OCSP responder needs its own certificate and private key to sign the response.\n# For this example, we'll reuse the CA's key/cert as the responder.\n# In a production environment, this would be a dedicated responder cert.\n\nocsp_responder_key = ca_key\nocsp_responder_cert = ca_cert\n\nresponse_builder = OCSPResponseBuilder(ocsp_request) # Initialize with the received request\nresponse_builder = response_builder.add_response(\n cert=issued_cert,\n issuer=ca_cert,\n cert_status=x509.ocsp.OCSPCertStatus.GOOD, # Example status\n this_update=datetime.datetime.utcnow(),\n next_update=datetime.datetime.utcnow() + datetime.timedelta(hours=1),\n)\n\nocsp_response = response_builder.build(\n signer_certificate=ocsp_responder_cert,\n signer_private_key=ocsp_responder_key,\n hash_algorithm=hashes.SHA256() # Algorithm used to sign the response\n)\n\nprint(\"OCSP Response built successfully.\")\nprint(f\"Response bytes length: {len(ocsp_response.public_bytes(encoding=serialization.Encoding.DER))}\")\n\n# Optional: Verify the response using cryptography directly\n# This demonstrates that ocspbuilder outputs standard cryptography objects\nparsed_response = x509.ocsp.load_der_ocsp_response(ocsp_response.public_bytes(encoding=serialization.Encoding.DER))\nprint(f\"Number of responses in parsed OCSP response: {len(parsed_response.responses)}\")\nprint(f\"Status for first cert in response: {parsed_response.responses[0].certificate_status}\")\n","lang":"python","description":"This quickstart demonstrates how to create both an OCSP request and then build a corresponding 'good' status OCSP response. It includes necessary certificate generation steps (using `cryptography`) to make the example runnable from scratch. Key steps involve using `OCSPRequestBuilder` to add certificates to be checked and extensions, and `OCSPResponseBuilder` to specify the status and sign the response with an appropriate responder certificate and key.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":{"tag":null,"tag_description":null,"last_tested":"2026-05-15","installed_version":"0.10.2","pypi_latest":"0.10.2","is_stale":false,"summary":{"python_range":"3.10–3.9","success_rate":100,"avg_install_s":1.8,"avg_import_s":0.16,"wheel_type":"wheel"},"results":[{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"20.7M"},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":1.8,"import_time_s":0.1,"mem_mb":5.6,"disk_size":"21M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"23.0M"},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":1.8,"import_time_s":0.21,"mem_mb":6.2,"disk_size":"24M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"14.8M"},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":1.7,"import_time_s":0.19,"mem_mb":5.9,"disk_size":"15M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"14.5M"},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":1.7,"import_time_s":0.2,"mem_mb":6.8,"disk_size":"15M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"20.2M"},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"ocspbuilder","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"clean","install_time_s":1.9,"import_time_s":0.11,"mem_mb":5.3,"disk_size":"21M"}]}}