Chase authority information access from a host certificate to complete the chain of trust.
Project description
AIA Chaser
This package provides authority information access (AIA) chasing from a host/leaf certificate to complete its chain of trust and generate an SSL context to establish a secure connection.
Overview
AIA, an extension of the X509 standard in RFC 5280, points a client towards two types of endpoints:
- CA Issuers: To fetch the issuer certificate.
- OSCP: To check the certificate's revocation status.
Thanks to this information, it is possible to complete the chain of trust of a certificate. Without AIA chasing, some HTTPS requests may fail if the endpoint does not provide all the certificates of its chain of trust.
You may have experienced that already when some HTTPS URL works on your
browser but fail when using curl or Python + requests. Then this
package could be of help to you :guide_dog:.
Examples
The following examples showcase how to use this library with some typical Python HTTP libraries.
- Standard library's urlopen:
from urllib.request import urlopen
from aia_chaser import AiaChaser
url = "https://..."
chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
response = urlopen(url, context=context)
- Using Requests: HTTP for Humans:
import requests
from aia_chaser import AiaChaser
chaser = AiaChaser()
url = "https://..."
context = chaser.make_ssl_context_for_url(url)
ca_data = chaser.fetch_ca_chain_for_url(url)
with tempfile.NamedTemporaryFile("wt") as pem_file:
pem_file.write(ca_data.to_pem())
pem_file.flush()
response = requests.get(url, verify=pem_file.name)
- Using urllib3:
import urllib3
from aia_chaser import AiaChaser
url = "https://..."
chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
with urllib3.PoolManager(ssl_context=context) as pool:
respone = pool.request("GET", url)
Development
First of all, you must have the following tools installed and on
your $PATH.
Then, open a terminal on the project's directory and run:
make init
Acknowledgments
- This project is based on aia.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file aia_chaser-1.1.0.tar.gz.
File metadata
- Download URL: aia_chaser-1.1.0.tar.gz
- Upload date:
- Size: 11.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e6ffd48b72911a6b78a96837cdeb103d615880531b6383b0389248012da1ba14 |
|
| MD5 | 7dd9461f16f7645fadad0eeeee867df4 |
|
| BLAKE2b-256 | bb04e0606b02ae6ff92e9f66ae00946768e945bb3491d96ae20a614a87a448e1 |
File details
Details for the file aia_chaser-1.1.0-py3-none-any.whl.
File metadata
- Download URL: aia_chaser-1.1.0-py3-none-any.whl
- Upload date:
- Size: 11.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 03fb9af87e2229a6ad3beed81fdd27403ccd4daee505ccd1479f139a16411ad1 |
|
| MD5 | db8d60a402e15353245da446eecd5063 |
|
| BLAKE2b-256 | 0abd221097ba20f4f0e1045da3b1c4315bde51cb9a37e6dcea7701df0a28b4b7 |
