blob: 70390d6db633ad2fbac027d88648cf43e7ad41b1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Truststore is a library which exposes native system certificate stores (ie
"trust stores") through an ssl.SSLContext-like API. This means that Python
applications no longer need to rely on certifi as a root certificate store.
Native system certificate stores have many helpful features compared to a static
certificate bundle like certifi:
- Automatically update certificates as new CAs are created and removed
- Fetch missing intermediate certificates
- Check certificates against certificate revocation lists (CRLs) to avoid
monster-in-the-middle (MITM) attacks
- Managed per-system rather than per-application by a operations/IT team
- PyPI is no longer a CA distribution channel
Right now truststore is a stand-alone library that can be installed globally in
your application to immediately take advantage of the benefits in Python 3.10+.
Truststore has also been integrated into pip as an opt-in method for verifying
HTTPS certificates with truststore instead of certifi.
Long-term the hope is to make truststore the default way to verify HTTPS
certificates in pip and to add this functionality into Python itself. Wish us
luck!
|
