aia-chaser

AIA Chaser

This package helps automatically retrieve missing certificates to complete a secure SSL chain of trust. It ensures that even if a server doesn’t provide the full certificate chain, your connection remains secure.

What is AIA Chasing?

AIA (Authority Information Access) is a feature in SSL certificates, defined in RFC 5280, that points to:

• CA Issuers – To fetch missing issuer certificates.
• OCSP – To check if a certificate has been revoked.

By following these links, this package helps fill in the gaps, ensuring your SSL connections don’t fail due to missing certificates.

Why Does This Matter?

Sometimes, a website works fine in your browser but fails when using curl or Python’s requests library. That is because browsers often handle AIA chasing automatically, while other tools don’t. If you’ve run into SSL errors like this, this package can help! :guide_dog:.

Examples

The following examples showcase how to use this library with some typical Python HTTP libraries.

• Standard library's urlopen:

from urllib.request import urlopen
from aia_chaser import AiaChaser

url = "https://..."

chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
response = urlopen(url, context=context)

• Using Requests: HTTP for Humans:

import requests
from aia_chaser import AiaChaser

chaser = AiaChaser()
url = "https://..."
context = chaser.make_ssl_context_for_url(url)

ca_data = chaser.fetch_ca_chain_for_url(url)
with tempfile.NamedTemporaryFile("wt") as pem_file:
    pem_file.write(ca_data.to_pem())
    pem_file.flush()
    response = requests.get(url, verify=pem_file.name)

• Using urllib3:

import urllib3
from aia_chaser import AiaChaser

url = "https://..."

chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
with urllib3.PoolManager(ssl_context=context) as pool:
    respone = pool.request("GET", url)

Acknowledgments

• This project is based on aia.