Skip to main content

Python bindings for Network Security Services (NSS) and Netscape Portable Runtime (NSPR)

Project description

python-nss-ng

Platform Compatibility CI/CD Pipeline Python 3.10+ License: MPL-2.0

Python bindings for Network Security Services (NSS) and Netscape Portable Runtime (NSPR).

Supported Platforms

python-nss-ng officially supports:

  • Linux (all major distributions)
  • macOS

Windows is NOT supported. Attempting to import python-nss-ng on Windows will raise a RuntimeError.

Overview

python-nss-ng is a Python binding for NSS (Network Security Services) and NSPR (Netscape Portable Runtime). NSS provides cryptography services supporting SSL, TLS, PKI, PKIX, X509, PKCS*, etc. NSS is an alternative to OpenSSL and used extensively by major software projects. NSS is FIPS-140 certified.

NSS uses NSPR because NSPR provides an abstraction of common operating system services, in the areas of networking and process management. Python also provides an abstraction of common operating system services but because NSS and NSPR have tight coupling, python-nss-ng exposes elements of NSPR.

Project Modernization (2025)

This project received modernization work to support current Python versions and build standards:

Changes Made

  • Python Support: Now supports Python 3.10, 3.11, 3.12, 3.13, and 3.14
  • Build System: Migrated from legacy distutils to modern setuptools with pyproject.toml
  • Version Management: Implemented dynamic versioning using setuptools-scm
  • Package Structure: Follows current PEP standards (PEP 517, PEP 518, PEP 621)
  • Development Tools: Added support for uv, modern testing with pytest, and code quality with ruff

NSS/NSPR Compatibility

C Extension Compatibility: The C code now compiles with NSS 3.100+ and works with NSS 3.117.

Recent Fixes:

  • Resolved typedef conflicts (RSAPublicKeyPyRSAPublicKey, etc.)
  • Fixed SPDX comment block formatting issues
  • All 32 tests pass with NSS 3.117 and NSPR 4.38

Tested Versions:

  • NSS 3.117
  • NSPR 4.38.2
  • Python 3.10, 3.11, 3.12, 3.13, 3.14

System Requirements

Required Libraries

Before building python-nss-ng, you need the C language header files and libraries for both NSPR and NSS installed. This is system and distribution specific.

Fedora/RHEL/CentOS

sudo dnf install nss-devel nspr-devel

Debian/Ubuntu

sudo apt-get install libnss3-dev libnspr4-dev

macOS (Homebrew)

brew install nss nspr

Installation

Using uv (Recommended)

# Create a virtual environment with Python 3.10+
uv venv --python 3.10

# Activate the environment
source .venv/bin/activate  # Linux/macOS
# or
.venv\Scripts\activate  # Windows

# Install in development mode
uv pip install -e ".[dev]"

Using pip

# Create a virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install in development mode
pip install -e ".[dev]"

Custom Include/Library Paths

If NSS/NSPR live in non-standard locations, set the NSS_INCLUDE_ROOTS environment variable:

export NSS_INCLUDE_ROOTS="/custom/path/include:/another/path/include"
pip install -e .

Development

Test Dependencies

The test suite requires NSS command-line tools for certificate generation:

NSS Tools: Fedora/RHEL/CentOS

sudo dnf install nss-tools

NSS Tools: Debian/Ubuntu

sudo apt-get install libnss3-tools

NSS Tools: macOS (Homebrew)

The nss package includes NSS tools:

brew install nss

Running Tests

Quick Start (Automated)

Use the comprehensive test runner script that handles all setup:

# Run all tests (handles setup, builds C extension, creates certificates)
./scripts/run-all-tests.sh

# Quick mode: pure Python tests only (no C extension build needed)
./scripts/run-all-tests.sh --quick

# Other options
./scripts/run-all-tests.sh --help

The script automatically:

  • Checks for dependencies (uv, NSS, NSPR)
  • Creates virtual environment
  • Installs test dependencies
  • Builds C extension (if needed)
  • Sets up test certificates
  • Runs tests

Manual Testing

# Install with test dependencies
uv pip install -e ".[test]"

# Run tests (recommended for reliability)
pytest test/ -n0

# Or run with parallel execution (may have occasional intermittent failures)
pytest test/

Note: Some tests have known intermittent failures with parallel execution. Tests automatically generate certificates in a pki/ directory within the test folder using certutil from nss-tools. For fully reliable results, use -n0 to disable parallel execution. See TESTING.md for details about test reliability and certificate generation.

Building

# Build source distribution and wheel
uv pip install build
python -m build

Build Performance ⚡

Builds are now 40-80% faster thanks to automatic optimizations:

  • Probe Caching: Library locations cached (27% faster)
  • Parallel Compilation: Uses all CPU cores (40% faster)
  • ccache in CI: Compilation results cached (78% faster CI)

All optimizations work automatically! For even faster local builds:

# Optional: Install ccache for 87% faster rebuilds
brew install ccache  # macOS
export CC="ccache clang"

See BUILD_OPTIMIZATION_QUICKSTART.md for details.

Code Quality

Check code style and format code:

ruff check .
ruff format .

Project Structure

python-nss-ng/
├── src/                    # C extension source files and Python package
│   ├── __init__.py        # Main package initialization
│   ├── py_nss.c           # NSS bindings
│   ├── py_ssl.c           # SSL/TLS bindings
│   ├── py_nspr_io.c       # NSPR I/O bindings
│   └── py_nspr_error.c    # NSPR error handling
├── test/                  # Test suite
├── doc/                   # Documentation
├── pyproject.toml        # Modern Python project configuration
├── meson.build           # Meson build configuration
└── MANIFEST.in           # Source distribution file inclusion rules

Documentation

More information on python-nss-ng is available on the python-nss-ng project page.

For information on NSS and NSPR, see the following:

License

This project is triple-licensed under:

  • Mozilla Public License 2.0 (MPL-2.0)
  • GNU General Public License v2 or later (GPLv2+)
  • GNU Lesser General Public License v2 or later (LGPLv2+)

See LICENSE.mpl, LICENSE.gpl, and LICENSE.lgpl files for details.

Contributing

This is a modernization effort for an existing project. Contributions to fix the NSS compatibility issues and modernize the C code are welcome!

Priority Issues

  1. Fix C code compatibility with NSS 3.100+
  2. Update API usage for modern NSS/NSPR
  3. Add comprehensive test coverage
  4. Improve documentation
  5. Add type hints to Python code

Authors and Maintainers

  • Original Author: John Dennis jdennis@redhat.com
  • Current Maintainer: Project seeking active maintainer

Support

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

python_nss_ng-1.2.1.tar.gz (481.5 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

python_nss_ng-1.2.1-cp314-cp314-manylinux_2_38_x86_64.whl (1.7 MB view details)

Uploaded CPython 3.14manylinux: glibc 2.38+ x86-64

python_nss_ng-1.2.1-cp314-cp314-manylinux_2_38_aarch64.whl (1.7 MB view details)

Uploaded CPython 3.14manylinux: glibc 2.38+ ARM64

python_nss_ng-1.2.1-cp313-cp313-manylinux_2_38_x86_64.whl (1.7 MB view details)

Uploaded CPython 3.13manylinux: glibc 2.38+ x86-64

python_nss_ng-1.2.1-cp313-cp313-manylinux_2_38_aarch64.whl (1.7 MB view details)

Uploaded CPython 3.13manylinux: glibc 2.38+ ARM64

python_nss_ng-1.2.1-cp312-cp312-manylinux_2_38_x86_64.whl (1.7 MB view details)

Uploaded CPython 3.12manylinux: glibc 2.38+ x86-64

python_nss_ng-1.2.1-cp312-cp312-manylinux_2_38_aarch64.whl (1.7 MB view details)

Uploaded CPython 3.12manylinux: glibc 2.38+ ARM64

python_nss_ng-1.2.1-cp311-cp311-manylinux_2_38_x86_64.whl (1.7 MB view details)

Uploaded CPython 3.11manylinux: glibc 2.38+ x86-64

python_nss_ng-1.2.1-cp311-cp311-manylinux_2_38_aarch64.whl (1.7 MB view details)

Uploaded CPython 3.11manylinux: glibc 2.38+ ARM64

python_nss_ng-1.2.1-cp310-cp310-manylinux_2_38_x86_64.whl (1.7 MB view details)

Uploaded CPython 3.10manylinux: glibc 2.38+ x86-64

python_nss_ng-1.2.1-cp310-cp310-manylinux_2_38_aarch64.whl (1.7 MB view details)

Uploaded CPython 3.10manylinux: glibc 2.38+ ARM64

File details

Details for the file python_nss_ng-1.2.1.tar.gz.

File metadata

  • Download URL: python_nss_ng-1.2.1.tar.gz
  • Upload date:
  • Size: 481.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for python_nss_ng-1.2.1.tar.gz
Algorithm Hash digest
SHA256 a5d081933f762ab9041ed9a58f786ffa42475e478fb1eef540eb29890c70c40d
MD5 ca8614831c934885ce6dcdca8dad9eec
BLAKE2b-256 8e0c8bb5cfa8bfa869383b870ee138094a75a2fa9869ded83005993bd7267c2d

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1.tar.gz:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp314-cp314-manylinux_2_38_x86_64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp314-cp314-manylinux_2_38_x86_64.whl
Algorithm Hash digest
SHA256 a3237290414d800caceba50cfbe884bae3eb79c3905e943b786212a3fceb73fd
MD5 fbc3082576df938e4459183a9f75f1f3
BLAKE2b-256 99e729d70d881329fca43bd1af8e91c483699caa7b7258d6613cdf27533c097c

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp314-cp314-manylinux_2_38_x86_64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp314-cp314-manylinux_2_38_aarch64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp314-cp314-manylinux_2_38_aarch64.whl
Algorithm Hash digest
SHA256 d9075337b9fc5acb3ede5196e62910e01e99a4f368ff17a503eacf952ff9e1f0
MD5 b107e929511d36ab673a6d5f988e94c4
BLAKE2b-256 9ab73002262e2507968845195e01dd9e8931c945f80d96ac5e4ded054d3d1a1e

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp314-cp314-manylinux_2_38_aarch64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp313-cp313-manylinux_2_38_x86_64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp313-cp313-manylinux_2_38_x86_64.whl
Algorithm Hash digest
SHA256 2f5cc4009167b62b51e733f0f20a9d2d3218b1a0011b71bd6a5bc87af2f858bb
MD5 7f6391bcafa902eecd50572f52bb9914
BLAKE2b-256 0ea80739519b5965b97affacacff73feb7f8b07462dad23c87e26c211ab255e4

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp313-cp313-manylinux_2_38_x86_64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp313-cp313-manylinux_2_38_aarch64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp313-cp313-manylinux_2_38_aarch64.whl
Algorithm Hash digest
SHA256 c033ad511062a9a34aeb7a00763db193c9020169813a5dd4e194c775550f88bc
MD5 b5449eb6ab5bc0970a124cbafbf52108
BLAKE2b-256 cb992f80788ca701bfaa3f55c845f21e7628eafae040a3c2ee8b8a7afacfa0c3

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp313-cp313-manylinux_2_38_aarch64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp312-cp312-manylinux_2_38_x86_64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp312-cp312-manylinux_2_38_x86_64.whl
Algorithm Hash digest
SHA256 894b2555964235a07394c746a450cefec01d577aa44358488300f1dfb0469835
MD5 4b247496e555fc7e44ea3dbe42d8c15b
BLAKE2b-256 47229b6a72f9736cd1ca58a899ded7a03de6ffc8b8f50983f8710e9ef93baf81

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp312-cp312-manylinux_2_38_x86_64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp312-cp312-manylinux_2_38_aarch64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp312-cp312-manylinux_2_38_aarch64.whl
Algorithm Hash digest
SHA256 6097325e01a62dea383e539ae3f1472556ecdfee74cadc03710948dd92968b78
MD5 b7a57d1c5d281592429f5164f2d7918f
BLAKE2b-256 64f46da8d9c86a9f55c164770760944d887928bd98873e6e324786f96d94071c

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp312-cp312-manylinux_2_38_aarch64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp311-cp311-manylinux_2_38_x86_64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp311-cp311-manylinux_2_38_x86_64.whl
Algorithm Hash digest
SHA256 28b16fc61c563a8385d6a058971da721fb140f39ead205458c085d147b768cef
MD5 3d726a77689ec51ff133e6ba7bc50e7b
BLAKE2b-256 29f5fa8e90d5baeba395cf3a508aeaaece15943cafd676cf767dbe35c0f9643e

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp311-cp311-manylinux_2_38_x86_64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp311-cp311-manylinux_2_38_aarch64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp311-cp311-manylinux_2_38_aarch64.whl
Algorithm Hash digest
SHA256 d45d3fb8df91e9aa147dbe09d7242446820bdef6ba6d4a2a3114ba05ccc5780d
MD5 581c413536012312687d6110573ade22
BLAKE2b-256 a4e24764173fccb1459d6b8d4697ab4756e9fc534748caf3d280cbf80a396c46

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp311-cp311-manylinux_2_38_aarch64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp310-cp310-manylinux_2_38_x86_64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp310-cp310-manylinux_2_38_x86_64.whl
Algorithm Hash digest
SHA256 242f1dfd29cb29912da1053c9c676ce6f61a922398ee7bd26c8e6699a5ec4364
MD5 9015a7c3bfd040dd94d50388573a32ea
BLAKE2b-256 6b0b371c33ad0fc09d60534e2aff16c83156225f1c44a2afffc62099cfcc4d6c

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp310-cp310-manylinux_2_38_x86_64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file python_nss_ng-1.2.1-cp310-cp310-manylinux_2_38_aarch64.whl.

File metadata

File hashes

Hashes for python_nss_ng-1.2.1-cp310-cp310-manylinux_2_38_aarch64.whl
Algorithm Hash digest
SHA256 46ef61976ded642613be8a23f79570f58612e42cd564c5f9a494bf3fcde840b2
MD5 3f29701fd310017bfd6879f4f5dedbfe
BLAKE2b-256 a0cb3f33cf9184486f8656ef1b2757ca5816ffb0e6398c58e2a7c4aa1bd6b257

See more details on using hashes here.

Provenance

The following attestation bundles were made for python_nss_ng-1.2.1-cp310-cp310-manylinux_2_38_aarch64.whl:

Publisher: build-test-release.yaml on lfreleng-actions/python-nss-ng

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page