Name | truststore JSON |
Version |
0.9.0
JSON |
| download |
home_page | None |
Summary | Verify certificates using native system trust stores |
upload_time | 2024-04-29 17:16:02 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.10 |
license | None |
keywords |
|
VCS |
|
bugtrack_url |
|
requirements |
No requirements were recorded.
|
Travis-CI |
No Travis.
|
coveralls test coverage |
No coveralls.
|
# Truststore
[![PyPI](https://img.shields.io/pypi/v/truststore)](https://pypi.org/project/truststore)
[![CI](https://github.com/sethmlarson/truststore/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/sethmlarson/truststore/actions/workflows/ci.yml)
Truststore is a library which exposes native system certificate stores (ie "trust stores")
through an `ssl.SSLContext`-like API. This means that Python applications no longer need to
rely on certifi as a root certificate store. Native system certificate stores
have many helpful features compared to a static certificate bundle like certifi:
- Automatically update certificates as new CAs are created and removed
- Fetch missing intermediate certificates
- Check certificates against certificate revocation lists (CRLs) to avoid monster-in-the-middle (MITM) attacks
- Managed per-system rather than per-application by a operations/IT team
- PyPI is no longer a CA distribution channel 🥳
Right now truststore is a stand-alone library that can be installed globally in your
application to immediately take advantage of the benefits in Python 3.10+. Truststore
has also been integrated into pip as an opt-in method for verifying HTTPS certificates
with truststore instead of certifi.
Long-term the hope is to make truststore the default way to verify HTTPS certificates in pip
and to add this functionality into Python itself. Wish us luck!
## Installation
Truststore is installed from [PyPI](https://pypi.org/project/truststore) with pip:
```{code-block} shell
$ python -m pip install truststore
```
Truststore **requires Python 3.10 or later** and supports the following platforms:
- macOS 10.8+ via [Security framework](https://developer.apple.com/documentation/security)
- Windows via [CryptoAPI](https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-functions#certificate-verification-functions)
- Linux via OpenSSL
## User Guide
> **Warning**
> **PLEASE READ:** `inject_into_ssl()` **must not be used by libraries or packages** as it will cause issues on import time when integrated with other libraries.
> Libraries and packages should instead use `truststore.SSLContext` directly which is detailed below.
>
> The `inject_into_ssl()` function is intended only for use in applications and scripts.
You can inject `truststore` into the standard library `ssl` module so the functionality is used
by every library by default. To do so use the `truststore.inject_into_ssl()` function:
```python
import truststore
truststore.inject_into_ssl()
# Automatically works with urllib3, requests, aiohttp, and more:
import urllib3
http = urllib3.PoolManager()
resp = http.request("GET", "https://example.com")
import aiohttp
http = aiohttp.ClientSession()
resp = await http.request("GET", "https://example.com")
import requests
resp = requests.get("https://example.com")
```
If you'd like finer-grained control or you're developing a library or package you can create your own `truststore.SSLContext` instance
and use it anywhere you'd use an `ssl.SSLContext`:
```python
import ssl
import truststore
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
import urllib3
http = urllib3.PoolManager(ssl_context=ctx)
resp = http.request("GET", "https://example.com")
```
You can read more in the [user guide in the documentation](https://truststore.readthedocs.io/en/latest/#user-guide).
## License
MIT
Raw data
{
"_id": null,
"home_page": null,
"name": "truststore",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": null,
"author": null,
"author_email": "Seth Michael Larson <sethmichaellarson@gmail.com>, David Glick <david@glicksoftware.com>",
"download_url": "https://files.pythonhosted.org/packages/46/28/e7a810115227b7c4953d9db9f1312441e708dc31d1fa6975f5a19d6bed62/truststore-0.9.0.tar.gz",
"platform": null,
"description": "# Truststore\n\n[![PyPI](https://img.shields.io/pypi/v/truststore)](https://pypi.org/project/truststore)\n[![CI](https://github.com/sethmlarson/truststore/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/sethmlarson/truststore/actions/workflows/ci.yml)\n\nTruststore is a library which exposes native system certificate stores (ie \"trust stores\")\nthrough an `ssl.SSLContext`-like API. This means that Python applications no longer need to\nrely on certifi as a root certificate store. Native system certificate stores\nhave many helpful features compared to a static certificate bundle like certifi:\n\n- Automatically update certificates as new CAs are created and removed\n- Fetch missing intermediate certificates\n- Check certificates against certificate revocation lists (CRLs) to avoid monster-in-the-middle (MITM) attacks\n- Managed per-system rather than per-application by a operations/IT team\n- PyPI is no longer a CA distribution channel \ud83e\udd73\n\nRight now truststore is a stand-alone library that can be installed globally in your\napplication to immediately take advantage of the benefits in Python 3.10+. Truststore\nhas also been integrated into pip as an opt-in method for verifying HTTPS certificates\nwith truststore instead of certifi.\n\nLong-term the hope is to make truststore the default way to verify HTTPS certificates in pip\nand to add this functionality into Python itself. Wish us luck!\n\n## Installation\n\nTruststore is installed from [PyPI](https://pypi.org/project/truststore) with pip:\n\n```{code-block} shell\n$ python -m pip install truststore\n```\n\nTruststore **requires Python 3.10 or later** and supports the following platforms:\n- macOS 10.8+ via [Security framework](https://developer.apple.com/documentation/security)\n- Windows via [CryptoAPI](https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-functions#certificate-verification-functions)\n- Linux via OpenSSL\n\n## User Guide\n\n> **Warning**\n> **PLEASE READ:** `inject_into_ssl()` **must not be used by libraries or packages** as it will cause issues on import time when integrated with other libraries.\n> Libraries and packages should instead use `truststore.SSLContext` directly which is detailed below.\n> \n> The `inject_into_ssl()` function is intended only for use in applications and scripts.\n\nYou can inject `truststore` into the standard library `ssl` module so the functionality is used\nby every library by default. To do so use the `truststore.inject_into_ssl()` function:\n\n```python\nimport truststore\ntruststore.inject_into_ssl()\n\n# Automatically works with urllib3, requests, aiohttp, and more:\nimport urllib3\nhttp = urllib3.PoolManager()\nresp = http.request(\"GET\", \"https://example.com\")\n\nimport aiohttp\nhttp = aiohttp.ClientSession()\nresp = await http.request(\"GET\", \"https://example.com\")\n\nimport requests\nresp = requests.get(\"https://example.com\")\n```\n\nIf you'd like finer-grained control or you're developing a library or package you can create your own `truststore.SSLContext` instance\nand use it anywhere you'd use an `ssl.SSLContext`:\n\n```python\nimport ssl\nimport truststore\n\nctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)\n\nimport urllib3\nhttp = urllib3.PoolManager(ssl_context=ctx)\nresp = http.request(\"GET\", \"https://example.com\")\n```\n\nYou can read more in the [user guide in the documentation](https://truststore.readthedocs.io/en/latest/#user-guide).\n\n## License\n\nMIT\n\n",
"bugtrack_url": null,
"license": null,
"summary": "Verify certificates using native system trust stores",
"version": "0.9.0",
"project_urls": {
"Documentation": "https://truststore.readthedocs.io",
"Source": "https://github.com/sethmlarson/truststore"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "5751778c9a9535a39b14949ca1901e2417da2e97b46302f2708fdd53bcc9c61b",
"md5": "b294272cb3a0d33a53f6f4bfd5e479b6",
"sha256": "87ec7718ae0c0c9f100a040b86a8a3c93e258fb03e31bd3a8cc45948de2a3805"
},
"downloads": -1,
"filename": "truststore-0.9.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b294272cb3a0d33a53f6f4bfd5e479b6",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 17139,
"upload_time": "2024-04-29T17:16:00",
"upload_time_iso_8601": "2024-04-29T17:16:00.069547Z",
"url": "https://files.pythonhosted.org/packages/57/51/778c9a9535a39b14949ca1901e2417da2e97b46302f2708fdd53bcc9c61b/truststore-0.9.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "4628e7a810115227b7c4953d9db9f1312441e708dc31d1fa6975f5a19d6bed62",
"md5": "0514941f828cdeab9bea0e1dd7a72af3",
"sha256": "8876ce1ece1187f523d1ac0c975aa91cf2320c6cd7f20c3a35a7811f49ec2e37"
},
"downloads": -1,
"filename": "truststore-0.9.0.tar.gz",
"has_sig": false,
"md5_digest": "0514941f828cdeab9bea0e1dd7a72af3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 23254,
"upload_time": "2024-04-29T17:16:02",
"upload_time_iso_8601": "2024-04-29T17:16:02.251644Z",
"url": "https://files.pythonhosted.org/packages/46/28/e7a810115227b7c4953d9db9f1312441e708dc31d1fa6975f5a19d6bed62/truststore-0.9.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-04-29 17:16:02",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "sethmlarson",
"github_project": "truststore",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "truststore"
}