truststore
Verify certificates using OS trust stores
Truststore
Verify certificates using OS trust stores. Supports macOS, Windows, and Linux (with OpenSSL). This project should be considered experimental.
Usage
```python
# The following code works on Linux, macOS, and Windows without dependencies.
import socket
import ssl

import truststore

# Create an SSLContext for the system trust store
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

# Connect to the peer and initiate a TLS handshake
sock = socket.create_connection(("example.com", 443))
sock = ctx.wrap_socket(sock, server_hostname="example.com")

# Also works with libraries that accept an SSLContext object
import urllib3

http = urllib3.PoolManager(ssl_context=ctx)
http.request("GET", "https://example.com")

# Works with ssl.MemoryBIO objects for async I/O
import asyncio

import aiohttp


async def main():
    # "await" is only valid inside a coroutine, so wrap the request in one
    async with aiohttp.ClientSession() as http:
        await http.request("GET", "https://example.com", ssl=ctx)


asyncio.run(main())
```
Platforms
Works in the following configurations:
- macOS 10.8+ via Security framework
- Windows via CryptoAPI
- Linux via OpenSSL
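To check which trust source a host will consult, the following added example (not part of the truststore project) maps the platform to the backends listed above and, for the OpenSSL case, reports the CA locations Python's own `ssl` module resolves. The function name `describe_trust_source` and the report keys are hypothetical, and it assumes the Linux backend relies on OpenSSL's default verify locations.

```python
import os
import platform
import ssl

# Backend names are taken from the Platforms list on this page.
BACKENDS = {"Darwin": "Security framework", "Windows": "CryptoAPI", "Linux": "OpenSSL"}


def describe_trust_source(system=None):
    """Report which OS trust source applies and, for OpenSSL, what it would load.

    Hypothetical helper written for this example; uses only the standard library.
    """
    system = system or platform.system()
    report = {"system": system, "backend": BACKENDS.get(system, "unsupported")}
    if report["backend"] != "OpenSSL":
        return report

    # OpenSSL reads a CA bundle file and/or a hashed directory whose locations
    # are compiled in or overridden through environment variables.
    paths = ssl.get_default_verify_paths()
    report["cafile"] = paths.cafile  # None if the bundle file does not exist
    report["capath"] = paths.capath  # None if the directory does not exist

    # An override in the environment silently changes which CAs are trusted,
    # so surface it for review.
    report["env_override"] = {
        name: os.environ[name]
        for name in (paths.openssl_cafile_env, paths.openssl_capath_env)
        if name in os.environ
    }

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_default_verify_paths()
    # Counts only CAs read from the bundle file; capath entries are loaded
    # lazily during a handshake and are not included.
    report["preloaded_ca_count"] = ctx.cert_store_stats()["x509_ca"]
    report["usable"] = bool(paths.cafile or paths.capath)
    return report


if __name__ == "__main__":
    for key, value in describe_trust_source().items():
        print(f"{key}: {value}")
```

A report with `usable` set to `False` means neither default CA location exists on the host, so certificate verification through OpenSSL has no roots to chain to.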
Prior art
- The future of trust stores in Python (PyCon US 2022 lightning talk) (slides)
- Experimental APIs in Python 3.10 and the future of trust stores
- PEP 543: A Unified TLS API for Python
License
MIT