  • Stars: 157
  • Rank: 238,399 (Top 5 %)
  • Language: Python
  • License: MIT License
  • Created almost 3 years ago
  • Updated about 2 months ago


Repository Details

Verify certificates using OS trust stores

Truststore


Truststore is a library which exposes native system certificate stores (i.e. "trust stores") through an ssl.SSLContext-like API. This means that Python applications no longer need to rely on certifi as a root certificate store. Native system certificate stores have many helpful features compared to a static certificate bundle like certifi:

  • Automatically update certificates as new CAs are created and removed
  • Fetch missing intermediate certificates
  • Check certificates against certificate revocation lists (CRLs) to avoid monster-in-the-middle (MITM) attacks
  • Managed per-system rather than per-application by an operations/IT team
  • PyPI is no longer a CA distribution channel 🥳

Right now truststore is a stand-alone library that can be installed globally in your application to immediately take advantage of the benefits in Python 3.10+. Truststore has also been integrated into pip as an opt-in method for verifying HTTPS certificates with truststore instead of certifi.

Long-term the hope is to make truststore the default way to verify HTTPS certificates in pip and to add this functionality into Python itself. Wish us luck!

Installation

Truststore is installed from PyPI with pip:

$ python -m pip install truststore

Truststore requires Python 3.10 or later and supports the following platforms:

User Guide

You can inject truststore into the standard library ssl module so the functionality is used by every library by default. To do so use the truststore.inject_into_ssl() function:

import truststore
truststore.inject_into_ssl()

# Automatically works with urllib3, requests, aiohttp, and more:
import urllib3
http = urllib3.PoolManager()
resp = http.request("GET", "https://example.com")

import asyncio
import aiohttp

async def main():
    # aiohttp sessions must be created and awaited inside a coroutine
    async with aiohttp.ClientSession() as http:
        resp = await http.request("GET", "https://example.com")

asyncio.run(main())

import requests
resp = requests.get("https://example.com")

If you'd like finer-grained control you can create your own truststore.SSLContext instance and use it anywhere you'd use an ssl.SSLContext:

import ssl
import truststore

ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

import urllib3
http = urllib3.PoolManager(ssl_context=ctx)
resp = http.request("GET", "https://example.com")

You can read more in the user guide in the documentation.
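An added example (not code from the truststore project) covering both usages above: it builds an explicit context, scopes inject_into_ssl() with truststore.extract_from_ssl() so the process-wide patch can be undone, and checks that certificate verification stays enabled. The helper names audit_context, client_context, injected and default_context_backend are assumptions made for this illustration, and the code falls back to the standard library when truststore cannot be imported.

```python
import contextlib
import ssl

try:
    import truststore  # needs Python 3.10+ and the package installed
except ImportError:
    truststore = None
HAVE_TRUSTSTORE = truststore is not None


def audit_context(ctx):
    """List settings on ctx that would disable certificate verification."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        findings.append("check_hostname is disabled")
    return findings


def client_context():
    """Explicit context: OS trust store if available, else stdlib defaults."""
    if HAVE_TRUSTSTORE:
        return truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT), "truststore"
    return ssl.create_default_context(), "stdlib"


@contextlib.contextmanager
def injected():
    """Scope inject_into_ssl() so the process-wide patch is undone on exit."""
    if not HAVE_TRUSTSTORE:
        yield False
        return
    truststore.inject_into_ssl()
    try:
        yield True
    finally:
        truststore.extract_from_ssl()


def default_context_backend():
    """Report which package builds ssl.create_default_context() when injected."""
    with injected():
        ctx = ssl.create_default_context()
        return type(ctx).__module__.split(".")[0], audit_context(ctx)


if __name__ == "__main__":
    print(client_context()[1], default_context_backend())
```

An empty findings list means the context still requires a valid certificate chain and a matching hostname, whichever backend supplied the trust roots.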

License

MIT

More Repositories

1. virtualbox-python: Complete implementation of VirtualBox's COM API with a Pythonic interface. (Python, 351 stars)
2. secure-python-package-template: Template for a Python package with a secure project host and package repository configuration. (Python, 186 stars)
3. trytravis: Send local git changes to Travis CI without commits or pushes. (Python, 130 stars)
4. pypi-data: Data about packages and maintainers on PyPI (Python, 103 stars)
5. socksio: Sans-I/O implementation of SOCKS4, SOCKS4A, and SOCKS5 (Python, 52 stars)
6. trustme-cli: A simple tool that generates certificates for local testing (Python, 35 stars)
7. diagrams: Collection of diagrams from articles (Python, 28 stars)
8. utf8.xyz: A quick web app for fetching Unicode characters without extra fluff (HTML, 26 stars)
9. sethmlarson.dev: Personal blog (HTML, 23 stars)
10. pycon-async-sync-poster: An example project which demonstrates how to use some new tools to more easily maintain a codebase that supports both async and synchronous I/O and multiple async libraries. (Python, 22 stars)
11. whatwg-url: Python implementation of WHATWG URL Living Standard (Python, 20 stars)
12. selectors2: Backported, durable, and portable selectors designed to replace the standard library selectors module. (Python, 14 stars)
13. pypi-scorecards: OpenSSF Scorecard for top Python packages (Python, 13 stars)
14. irl: URLs for IRL (Python, 10 stars)
15. hstspreload: Chromium HSTS Preload list as a Python package and updated daily. (Python, 10 stars)
16. pip-sbom: Generate Software Bill-of-Materials (SBOMs) for Python environments from distribution metadata (Python, 9 stars)
17. avail: Check the availability of names in common places (Python, 9 stars)
18. psl: Mozilla Public Suffix list as a Python package and updated daily. (Python, 8 stars)
19. mashpack: Mashpack - JSON-Object Serialization and Compression (Python, 6 stars)
20. cpython-sbom: Generating Software Bill-of-Materials (SBOM) for CPython release artifacts (Python, 6 stars)
21. rfc6555: Python implementation of the Happy Eyeballs Algorithm described in RFC 6555 (Python, 4 stars)
22. sethmlarson: GitHub README.md (Python, 4 stars)
23. fix-python-repl-exit: A simple script that makes typing `exit` in a Python interpreter do what you expect (Python, 3 stars)
24. capture-packets: User-friendly packet captures (Python, 3 stars)
25. delt: Builds and uploads Continuous Integration environment reports (Python, 3 stars)
26. quic-qpack: Pure Python implementation of QPACK: An efficient encoding for HTTP headers for HTTP/3 (2 stars)
27. picklepipe: Python pickling protocol over any network interface. (Python, 2 stars)
28. eland-demo-pycon2022 (Jupyter Notebook, 1 star)
29. verify-python-release-signatures: Verify Python release signatures (Python, 1 star)
30. python-travis-deploy: A test project for deploying to PyPI from Travis (Python, 1 star)