
#1 quality TLS certs while you wait, for the discerning tester

trustme: #1 quality TLS certs while you wait


You wrote a cool network client or server. It encrypts connections using TLS. Your test suite needs to make TLS connections to itself.

Uh oh. Your test suite probably doesn't have a valid TLS certificate. Now what?

trustme is a tiny Python package that does one thing: it gives you a fake certificate authority (CA) that you can use to generate fake TLS certs to use in your tests. Well, technically they're real certs, they're just signed by your CA, which nobody trusts. But you can trust it. Trust me.

Vital statistics

Install: pip install -U trustme

Documentation: https://trustme.readthedocs.io

Bug tracker and source code: https://github.com/python-trio/trustme

Tested on: Python 3.8+, CPython and PyPy

License: MIT or Apache 2, your choice.

Code of conduct: Contributors are requested to follow our code of conduct in all project spaces.

Cheat sheet

Programmatic usage:

import ssl

import requests
import trustme

# ----- Creating certs -----

# Look, you just created your certificate authority!
ca = trustme.CA()

# And now you issued a cert signed by this fake CA
# https://en.wikipedia.org/wiki/Example.org
server_cert = ca.issue_cert("test-host.example.org")

# That's it!

# ----- Using your shiny new certs -----

# Context objects to configure (standard library contexts shown here)
client_context = ssl.create_default_context()
server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

# You can configure SSL context objects to trust this CA:
ca.configure_trust(client_context)
# Or configure them to present the server certificate
server_cert.configure_cert(server_context)
# You can use standard library or PyOpenSSL context objects here,
# trustme is happy either way.

# ----- or -----

# Save the PEM-encoded data to a file to use in non-Python test
# suites:
ca.cert_pem.write_to_path("ca.pem")
server_cert.private_key_and_cert_chain_pem.write_to_path("server.pem")

# ----- or -----

# Put the PEM-encoded data in a temporary file, for libraries that
# insist on that:
with ca.cert_pem.tempfile() as ca_temp_path:
    requests.get("https://...", verify=ca_temp_path)

Command line usage:

$ # Certs may be generated from anywhere. Here's where we are:
$ pwd
/tmp
$ # ----- Creating certs -----
$ python -m trustme
Generated a certificate for 'localhost', '127.0.0.1', '::1'
Configure your server to use the following files:
  cert=/tmp/server.pem
  key=/tmp/server.key
Configure your client to use the following files:
  cert=/tmp/client.pem
$ # ----- Using certs -----
$ gunicorn --keyfile server.key --certfile server.pem app:app
$ curl --cacert client.pem https://localhost:8000/
Hello, world!

FAQ

Should I use these certs for anything real? Certainly not.

Why not just use self-signed certificates? These are more realistic. You don't have to disable your certificate validation code in your test suite, which is good because you want to test what you run in production, and you would never disable your certificate validation code in production, right? Plus, they're just as easy to work with. Actually easier, in many cases.

What if I want to test how my code handles some bizarre TLS configuration? We think trustme hits a sweet spot of ease-of-use and generality as it is. The defaults are carefully chosen to work on all major operating systems and be as fast as possible. We don't want to turn trustme into a second-rate re-export of everything in the cryptography library. If you have more complex needs, consider using cryptography directly, possibly starting from the trustme code.

Will you automate installing CA cert into system trust store? No. mkcert already does this well, and we would not have anything to add.
