Certifi wrapper packege to use system certificates
Project description
certifi-system-store-wrapper
A certifi hack to use system trust store and use's own CA.
Motivation
The certifi library is often used in Python to obtain certificate authority information for SSL/TSL communication, but this library only provides a Mozilla-approved Root certificate authority and does not provide any further functionality. There is also no official way to add your own certificate authority.
However, the requests library depends on certifi, and as a result, many libraries that depend on requests use certifi to obtain certificate authority information.
Therefore, I have created a wrapper library that extends the certifi library to handle not only the CA information provided by certifi, but also the CA information installed on the system and even the user's own CA information.
Such functionality should be included in Python itself, and I hope that such a library will be rendered useless as soon as possible.
Usage
You can use this library simply by installing it.
Currently, this library is not yet registered with PyPI, so it must be installed in the following way
pip install -U git+https://github.com/buchio/certifi-system-store-wrapper.git
In the future, once it is registered with PyPI, you should be able to install it using the following method.
pip install -U certifi-system-store-wrapper
Development
To build it, exec followings.
pip wheel .
How to add a user's own Certificate Authority
Set the environment variable PYTHON_CERTIFI_CERT_FILES
.
Specify files with :
separators on Linux/macOS and ;
separators on Windows.
Windows
> SET PYTHON_CERTIFI_CERT_FILES=C:\CA\My_Root_CA.cer;C:\CA2\My_Root_CA2.cer
Linux/macOS
$ export PYTHON_CERTIFI_CERT_FILES=~/My_Root_CA.cer:~/My_Root_CA2.cer
It is better to specify the full path.
Copy the file directly into the package.
The extension is fixed to cer
. Multiple files are supported.
Windows
> copy My_Root_CA.cer C:\Python311\lib\site-packages\certifi_system\
Linux/macOS
$ copy My_Root_CA.cer ~/.venv/lib/python3.11/site-packages/certifi_system/
Log output
Log output can be controlled by environment variables.
-
PYTHON_CERTIFI_LOG_LEVEL
. Set to one ofDEBUG
,INFO
,WARNING
,ERROR
, orCRITICAL
. Default isWARNING
. -
PYTHON_CERTIFI_LOG_FILE
. Specifies the name of the file to log to. Defaults to empty, no file output. -
PYTHON_CERTIFI_LOG_FILE_LEVEL
. Set to one ofDEBUG
,INFO
,WARNING
,ERROR
, orCRITICAL
. Default isDEBUG
.
Restrictions
- I have not checked, but I don't think it will work if it is binaryized with PyInstaller or other software. There is a workaround, which will be described after confirmation.
- We have confirmed that it works only with Python 3.8 or later; it definitely does not work with Python 2, and we do not plan to support it. It probably will not work with Python 3.6 or earlier.
- Currently only tested on Windows 10, macOS Ventura, and Ubuntu 20.04. It is not expected to work well on other platforms.
References
-
https://gitlab.com/alelec/python-certifi-win32
- This is a Windows-only library that hooks certifi and modifies it to return a list of certification authorities installed on the system. Although it no longer seems to be maintained, the code to retrieve Windows Certificate Authority information was particularly helpful.
-
https://gitlab.com/alelec/pip-system-certs
- It extends the requests library to use the certificate authority information from the ssl library, which is a successor to python-certifi-win32, but it is a bit harder to use because it is limited to requests.
-
https://github.com/tiran/certifi-system-store
- It is designed for almost the same purpose as this library, but unfortunately it is for Linux/FreeBSD only. The information about the location of the certificate authority for each Linux distribution is very helpful.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for certifi_system_store_wrapper-0.0.1.dev9-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 352cdc0c74590d1191843eefd8c23924e7359c6bb04551bb8cb8562335b3b502 |
|
MD5 | 1e0c9fa92ec833954f44cfc6a607ec28 |
|
BLAKE2b-256 | 3e6b7e7ca158c0bcb178c4f72b6fe5bc46dfdad7cb2900b607f568d4b13f97bd |