| Name | truststore JSON |
| Version |
0.10.1
JSON |
| download |
| home_page | None |
| Summary | Verify certificates using native system trust stores |
| upload_time | 2025-02-07 18:57:38 |
| maintainer | None |
| docs_url | None |
| author | None |
| requires_python | >=3.10 |
| license | None |
| keywords |
|
| VCS |
 |
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# Truststore
[](https://pypi.org/project/truststore)
[](https://github.com/sethmlarson/truststore/actions/workflows/ci.yml)
Truststore is a library which exposes native system certificate stores (ie "trust stores")
through an `ssl.SSLContext`-like API. This means that Python applications no longer need to
rely on certifi as a root certificate store. Native system certificate stores
have many helpful features compared to a static certificate bundle like certifi:
- Automatically update certificates as new CAs are created and removed
- Fetch missing intermediate certificates
- Check certificates against certificate revocation lists (CRLs) to avoid monster-in-the-middle (MITM) attacks
- Managed per-system rather than per-application by a operations/IT team
- PyPI is no longer a CA distribution channel 🥳
Right now truststore is a stand-alone library that can be installed globally in your
application to immediately take advantage of the benefits in Python 3.10+. Truststore
has also been integrated into pip 24.2+ as the default method for verifying HTTPS
certificates (with a fallback to certifi).
Long-term the hope is to add this functionality into Python itself. Wish us luck!
## Installation
Truststore is installed from [PyPI](https://pypi.org/project/truststore) with pip:
```{code-block} shell
$ python -m pip install truststore
```
Truststore **requires Python 3.10 or later** and supports the following platforms:
- macOS 10.8+ via [Security framework](https://developer.apple.com/documentation/security)
- Windows via [CryptoAPI](https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-functions#certificate-verification-functions)
- Linux via OpenSSL
## User Guide
> **Warning**
> **PLEASE READ:** `inject_into_ssl()` **must not be used by libraries or packages** as it will cause issues on import time when integrated with other libraries.
> Libraries and packages should instead use `truststore.SSLContext` directly which is detailed below.
>
> The `inject_into_ssl()` function is intended only for use in applications and scripts.
You can inject `truststore` into the standard library `ssl` module so the functionality is used
by every library by default. To do so use the `truststore.inject_into_ssl()` function:
```python
import truststore
truststore.inject_into_ssl()
# Automatically works with urllib3, requests, aiohttp, and more:
import urllib3
http = urllib3.PoolManager()
resp = http.request("GET", "https://example.com")
import aiohttp
http = aiohttp.ClientSession()
resp = await http.request("GET", "https://example.com")
import requests
resp = requests.get("https://example.com")
```
If you'd like finer-grained control or you're developing a library or package you can create your own `truststore.SSLContext` instance
and use it anywhere you'd use an `ssl.SSLContext`:
```python
import ssl
import truststore
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
import urllib3
http = urllib3.PoolManager(ssl_context=ctx)
resp = http.request("GET", "https://example.com")
```
You can read more in the [user guide in the documentation](https://truststore.readthedocs.io/en/latest/#user-guide).
## License
MIT
Raw data
{
"_id": null,
"home_page": null,
"name": "truststore",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": null,
"author": null,
"author_email": "Seth Michael Larson <sethmichaellarson@gmail.com>, David Glick <david@glicksoftware.com>",
"download_url": "https://files.pythonhosted.org/packages/0f/a7/b7a43228762966a13598a404f3dfb4803ea29a906f449d8b0e73ed0bcd30/truststore-0.10.1.tar.gz",
"platform": null,
"description": "# Truststore\n\n[](https://pypi.org/project/truststore)\n[](https://github.com/sethmlarson/truststore/actions/workflows/ci.yml)\n\nTruststore is a library which exposes native system certificate stores (ie \"trust stores\")\nthrough an `ssl.SSLContext`-like API. This means that Python applications no longer need to\nrely on certifi as a root certificate store. Native system certificate stores\nhave many helpful features compared to a static certificate bundle like certifi:\n\n- Automatically update certificates as new CAs are created and removed\n- Fetch missing intermediate certificates\n- Check certificates against certificate revocation lists (CRLs) to avoid monster-in-the-middle (MITM) attacks\n- Managed per-system rather than per-application by a operations/IT team\n- PyPI is no longer a CA distribution channel \ud83e\udd73\n\nRight now truststore is a stand-alone library that can be installed globally in your\napplication to immediately take advantage of the benefits in Python 3.10+. Truststore\nhas also been integrated into pip 24.2+ as the default method for verifying HTTPS\ncertificates (with a fallback to certifi).\n\nLong-term the hope is to add this functionality into Python itself. Wish us luck!\n\n## Installation\n\nTruststore is installed from [PyPI](https://pypi.org/project/truststore) with pip:\n\n```{code-block} shell\n$ python -m pip install truststore\n```\n\nTruststore **requires Python 3.10 or later** and supports the following platforms:\n- macOS 10.8+ via [Security framework](https://developer.apple.com/documentation/security)\n- Windows via [CryptoAPI](https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-functions#certificate-verification-functions)\n- Linux via OpenSSL\n\n## User Guide\n\n> **Warning**\n> **PLEASE READ:** `inject_into_ssl()` **must not be used by libraries or packages** as it will cause issues on import time when integrated with other libraries.\n> Libraries and packages should instead use `truststore.SSLContext` directly which is detailed below.\n> \n> The `inject_into_ssl()` function is intended only for use in applications and scripts.\n\nYou can inject `truststore` into the standard library `ssl` module so the functionality is used\nby every library by default. To do so use the `truststore.inject_into_ssl()` function:\n\n```python\nimport truststore\ntruststore.inject_into_ssl()\n\n# Automatically works with urllib3, requests, aiohttp, and more:\nimport urllib3\nhttp = urllib3.PoolManager()\nresp = http.request(\"GET\", \"https://example.com\")\n\nimport aiohttp\nhttp = aiohttp.ClientSession()\nresp = await http.request(\"GET\", \"https://example.com\")\n\nimport requests\nresp = requests.get(\"https://example.com\")\n```\n\nIf you'd like finer-grained control or you're developing a library or package you can create your own `truststore.SSLContext` instance\nand use it anywhere you'd use an `ssl.SSLContext`:\n\n```python\nimport ssl\nimport truststore\n\nctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)\n\nimport urllib3\nhttp = urllib3.PoolManager(ssl_context=ctx)\nresp = http.request(\"GET\", \"https://example.com\")\n```\n\nYou can read more in the [user guide in the documentation](https://truststore.readthedocs.io/en/latest/#user-guide).\n\n## License\n\nMIT\n\n",
"bugtrack_url": null,
"license": null,
"summary": "Verify certificates using native system trust stores",
"version": "0.10.1",
"project_urls": {
"Documentation": "https://truststore.readthedocs.io",
"Source": "https://github.com/sethmlarson/truststore"
},
"split_keywords": [],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "bcdf8ad635bdcfa8214c399e5614f7c2121dced47defb755a85ea1fa702ffb1c",
"md5": "b668e192eb3f9e9d22184f4069bdda0d",
"sha256": "b64e6025a409a43ebdd2807b0c41c8bff49ea7ae6550b5087ac6df6619352d4c"
},
"downloads": -1,
"filename": "truststore-0.10.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b668e192eb3f9e9d22184f4069bdda0d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 18496,
"upload_time": "2025-02-07T18:57:36",
"upload_time_iso_8601": "2025-02-07T18:57:36.348502Z",
"url": "https://files.pythonhosted.org/packages/bc/df/8ad635bdcfa8214c399e5614f7c2121dced47defb755a85ea1fa702ffb1c/truststore-0.10.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "0fa7b7a43228762966a13598a404f3dfb4803ea29a906f449d8b0e73ed0bcd30",
"md5": "94759b92e1782acedc1394fd9a10f783",
"sha256": "eda021616b59021812e800fa0a071e51b266721bef3ce092db8a699e21c63539"
},
"downloads": -1,
"filename": "truststore-0.10.1.tar.gz",
"has_sig": false,
"md5_digest": "94759b92e1782acedc1394fd9a10f783",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 26101,
"upload_time": "2025-02-07T18:57:38",
"upload_time_iso_8601": "2025-02-07T18:57:38.201733Z",
"url": "https://files.pythonhosted.org/packages/0f/a7/b7a43228762966a13598a404f3dfb4803ea29a906f449d8b0e73ed0bcd30/truststore-0.10.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-02-07 18:57:38",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "sethmlarson",
"github_project": "truststore",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "truststore"
}
