
Product
Introducing Module Reachability: Focus on the Vulnerabilities That Matter
Module Reachability filters out unreachable CVEs so you can focus on vulnerabilities that actually matter to your application.
Truststore is a library which exposes native system certificate stores (ie "trust stores")
through an ssl.SSLContext
-like API. This means that Python applications no longer need to
rely on certifi as a root certificate store. Native system certificate stores
have many helpful features compared to a static certificate bundle like certifi:
Right now truststore is a stand-alone library that can be installed globally in your application to immediately take advantage of the benefits in Python 3.10+. Truststore has also been integrated into pip 24.2+ as the default method for verifying HTTPS certificates (with a fallback to certifi).
Long-term the hope is to add this functionality into Python itself. Wish us luck!
Truststore is installed from PyPI with pip:
$ python -m pip install truststore
Truststore requires Python 3.10 or later and supports the following platforms:
Warning PLEASE READ:
inject_into_ssl()
must not be used by libraries or packages as it will cause issues on import time when integrated with other libraries. Libraries and packages should instead usetruststore.SSLContext
directly which is detailed below.The
inject_into_ssl()
function is intended only for use in applications and scripts.
You can inject truststore
into the standard library ssl
module so the functionality is used
by every library by default. To do so use the truststore.inject_into_ssl()
function:
import truststore
truststore.inject_into_ssl()
# Automatically works with urllib3, requests, aiohttp, and more:
import urllib3
http = urllib3.PoolManager()
resp = http.request("GET", "https://example.com")
import aiohttp
http = aiohttp.ClientSession()
resp = await http.request("GET", "https://example.com")
import requests
resp = requests.get("https://example.com")
If you'd like finer-grained control or you're developing a library or package you can create your own truststore.SSLContext
instance
and use it anywhere you'd use an ssl.SSLContext
:
import ssl
import truststore
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
import urllib3
http = urllib3.PoolManager(ssl_context=ctx)
resp = http.request("GET", "https://example.com")
You can read more in the user guide in the documentation.
MIT
FAQs
Verify certificates using native system trust stores
We found that truststore demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Module Reachability filters out unreachable CVEs so you can focus on vulnerabilities that actually matter to your application.
Product
Socket is introducing a new way to organize repositories and apply repository-specific security policies.
Research
Security News
Socket researchers uncovered malicious npm and PyPI packages that steal crypto wallet credentials using Google Analytics and Telegram for exfiltration.