Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sethmlarson/truststore
Verify certificates using OS trust stores
https://github.com/sethmlarson/truststore
certificates macos python tls truststore windows
Last synced: about 24 hours ago
JSON representation
Verify certificates using OS trust stores
- Host: GitHub
- URL: https://github.com/sethmlarson/truststore
- Owner: sethmlarson
- License: mit
- Created: 2022-01-07T17:40:56.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2024-10-26T22:09:07.000Z (about 2 months ago)
- Last Synced: 2024-12-06T03:21:43.942Z (8 days ago)
- Topics: certificates, macos, python, tls, truststore, windows
- Language: Python
- Homepage: https://truststore.readthedocs.io
- Size: 181 KB
- Stars: 164
- Watchers: 5
- Forks: 21
- Open Issues: 16
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: .github/SECURITY.md
Awesome Lists containing this project
README
# Truststore
[![PyPI](https://img.shields.io/pypi/v/truststore)](https://pypi.org/project/truststore)
[![CI](https://github.com/sethmlarson/truststore/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/sethmlarson/truststore/actions/workflows/ci.yml)Truststore is a library which exposes native system certificate stores (ie "trust stores")
through an `ssl.SSLContext`-like API. This means that Python applications no longer need to
rely on certifi as a root certificate store. Native system certificate stores
have many helpful features compared to a static certificate bundle like certifi:- Automatically update certificates as new CAs are created and removed
- Fetch missing intermediate certificates
- Check certificates against certificate revocation lists (CRLs) to avoid monster-in-the-middle (MITM) attacks
- Managed per-system rather than per-application by a operations/IT team
- PyPI is no longer a CA distribution channel 🥳Right now truststore is a stand-alone library that can be installed globally in your
application to immediately take advantage of the benefits in Python 3.10+. Truststore
has also been integrated into pip 24.2+ as the default method for verifying HTTPS
certificates (with a fallback to certifi).Long-term the hope is to add this functionality into Python itself. Wish us luck!
## Installation
Truststore is installed from [PyPI](https://pypi.org/project/truststore) with pip:
```{code-block} shell
$ python -m pip install truststore
```Truststore **requires Python 3.10 or later** and supports the following platforms:
- macOS 10.8+ via [Security framework](https://developer.apple.com/documentation/security)
- Windows via [CryptoAPI](https://docs.microsoft.com/en-us/windows/win32/seccrypto/cryptography-functions#certificate-verification-functions)
- Linux via OpenSSL## User Guide
> **Warning**
> **PLEASE READ:** `inject_into_ssl()` **must not be used by libraries or packages** as it will cause issues on import time when integrated with other libraries.
> Libraries and packages should instead use `truststore.SSLContext` directly which is detailed below.
>
> The `inject_into_ssl()` function is intended only for use in applications and scripts.You can inject `truststore` into the standard library `ssl` module so the functionality is used
by every library by default. To do so use the `truststore.inject_into_ssl()` function:```python
import truststore
truststore.inject_into_ssl()# Automatically works with urllib3, requests, aiohttp, and more:
import urllib3
http = urllib3.PoolManager()
resp = http.request("GET", "https://example.com")import aiohttp
http = aiohttp.ClientSession()
resp = await http.request("GET", "https://example.com")import requests
resp = requests.get("https://example.com")
```If you'd like finer-grained control or you're developing a library or package you can create your own `truststore.SSLContext` instance
and use it anywhere you'd use an `ssl.SSLContext`:```python
import ssl
import truststorectx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
import urllib3
http = urllib3.PoolManager(ssl_context=ctx)
resp = http.request("GET", "https://example.com")
```You can read more in the [user guide in the documentation](https://truststore.readthedocs.io/en/latest/#user-guide).
## License
MIT