truststore
truststore copied to clipboard
sethmlarson
Verify certificates using OS trust stores
@jacobian pointed out that it would be nice if `truststore` could also use client certs from the system trust store, particularly on devices that provide device identity by creating certs...
Hi, I use functionality that is unique to PyOpenSSL contexts (`OpenSSL.SSL.Context`) to verify certificate chains without having an SSL connection open. PyOpenSSL's trust store support is very limited (see notes...
This is more a question/discussion than an issue. I'm using a lot of Python libraries, which build on `urllib3`, `aiohttp` or `requests`. In seldom cases, I am able to get...
If you're here from the article and running pip with `--use-feature=truststore` worked on your machine then leave a reaction below based on your operating system. **To avoid spam, please do...
- [ ] verify_flags - [x] CRLs/revocation mechanism - [x] load_verify_locations - [x] check_hostname - [ ] hostname_checks_common_name
SSLContext has a `_load_windows_store_certs` method which is called by `SSLContext.load_default_certs` to load CA certs on Windows. We could replace it with a method that does nothing to avoid unnecessary work.
We're not aware of a website that sends a certificate chain that's missing an intermediate and doesn't use Authority Information Access (AIA). After #9 is implemented we can create a...
I am currently using Python for performing **client authentication** on Windows as part of a HTTP request with code like this: ``` import http.client, ssl # load clientAuth cert (with...
Closes #131 Split into two commits for easier reviewing, looks like Black style changed :) Unfortunately looks like trustme is broken through cryptography so we can't use that for tests...