Utilities for creation of SSL/TLS security contexts for servers and clients
The purpose of this module is to expose, simple to use, secure definitions that follow current, community agreed, standards. As of now it offers methods for creation of client and server secure contexts.
It is STRONGLY RECOMMENDED that you READ the CODE BEFORE considering USING this library. I am NOT RESPONSIBLE if your product is hacked or cats become humans overlords due to usage of this code.
Currently, only two functions are exported:
def create_server_ssl_context(
cert_file: Union[Path, str],
key_file: Union[Path, str],
*,
ca_file: Optional[Union[Path, str]] = None,
ca_path: Optional[Union[Path, str]] = None,
ca_data: Optional[Union[bytes, str]] = None,
crl_file: Optional[Union[Path, str]] = None,
protocols: Optional[List[str]] = None,
ca_load_default: bool = False,
) -> ssl.SSLContext:
"""Create SSL context for TLS servers
Args:
cert_file: Path to SSL certificate file
key_file: Path to private key file
ca_file: Path to a file of concatenated CA certificates in PEM format
ca_path: Path to a directory containing CA certificates in PEM format, following an OpenSSL specific layout
ca_data: ASCII string of one or more PEM-encoded certificates or a bytes-like object of DER-encoded certificates
crl_file: Path to a certificate revocation list file
protocols: ALPN and NPN protocols accepted
ca_load_default: Whether to load system defaults (default: {False})
Note:
If any of `ca_file`, `ca_path`, `ca_data` are defined client authentication will be enabled, which requires all
clients to provide a accepted certificate to connect to the server.
Raises:
SSLError: Occurs if SSLContext creation fails
FileNotFoundError: Occurs if a file path is invalid
Returns:
SSL context
"""
...
def create_client_authentication_ssl_context(
cert_file: Union[Path, str],
key_file: Union[Path, str],
*,
ca_file: Optional[Union[Path, str]] = None,
ca_path: Optional[Union[Path, str]] = None,
ca_data: Optional[Union[bytes, str]] = None,
crl_file: Optional[Union[Path, str]] = None,
protocols: Optional[List[str]] = None,
check_hostname: bool = True,
) -> ssl.SSLContext:
"""Create SSL context for clients that require TLS client authentication
WARNING:
For clients that DO NOT require client authentication,
ssl.create_default_context should be used instead
Args:
cert_file: Path to SSL certificate file
key_file: Path to private key file
ca_file: Path to a file of concatenated CA certificates in PEM format
ca_path: Path to a directory containing CA certificates in PEM format, following an OpenSSL specific layout
ca_data: ASCII string of one or more PEM-encoded certificates or a bytes-like object of DER-encoded certificates
crl_file: Path to a certificate revocation list file
protocols: ALPN and NPN protocols accepted
check_hostname: Server hostname match (default: {False})
Raises:
SSLError: Occurs if SSLContext creation fails
FileNotFoundError: Occurs if a file path is invalid
Returns:
SSL context
"""
...
Copyright © 2019-2021 Vítor Vasconcellos
FAQs
Utilities for creation of SSL/TLS security contexts for servers and clients
We found that secure-context demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.