Utilities for creation of SSL/TLS security contexts for servers and clients

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for hvolkoff from gravatar.com hvolkoff

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD-3-Clause)
  • Author: Vítor Vasconcellos
  • Tags rsa, x509, openssl, security, certificate
  • Requires: Python >=3.6, <4.0
Classifiers

Project description

Secure Context

Utilities for creation of SSL/TLS security contexts for servers and clients

The purpose of this module is to expose, simple to use, secure definitions that follow current, community agreed, standards. As of now it offers methods for creation of client and server secure contexts.

It is STRONGLY RECOMMENDED that you READ the CODE BEFORE considering USING this library. I am NOT RESPONSIBLE if your product is hacked or cats become humans overlords due to usage of this code.

Documentation

Currently, only two functions are exported:

def create_server_ssl_context(
    cert_file: Union[Path, str],
    key_file: Union[Path, str],
    *,
    ca_file: Optional[Union[Path, str]] = None,
    ca_path: Optional[Union[Path, str]] = None,
    ca_data: Optional[Union[bytes, str]] = None,
    crl_file: Optional[Union[Path, str]] = None,
    protocols: Optional[List[str]] = None,
    ca_load_default: bool = False,
) -> ssl.SSLContext:
    """Create SSL context for TLS servers

    Args:
        cert_file: Path to SSL certificate file
        key_file: Path to private key file
        ca_file: Path to a file of concatenated CA certificates in PEM format
        ca_path: Path to a directory containing CA certificates in PEM format, following an OpenSSL specific layout
        ca_data: ASCII string of one or more PEM-encoded certificates or a bytes-like object of DER-encoded certificates
        crl_file: Path to a certificate revocation list file
        protocols: ALPN and NPN protocols accepted
        ca_load_default: Whether to load system defaults (default: {False})

    Note:
        If any of `ca_file`, `ca_path`, `ca_data` are defined client authentication will be enabled, which requires all
        clients to provide a accepted certificate to connect to the server.

    Raises:
        SSLError: Occurs if SSLContext creation fails
        FileNotFoundError: Occurs if a file path is invalid

    Returns:
        SSL context

    """
    ...

def create_client_authentication_ssl_context(
    cert_file: Union[Path, str],
    key_file: Union[Path, str],
    *,
    ca_file: Optional[Union[Path, str]] = None,
    ca_path: Optional[Union[Path, str]] = None,
    ca_data: Optional[Union[bytes, str]] = None,
    crl_file: Optional[Union[Path, str]] = None,
    protocols: Optional[List[str]] = None,
    check_hostname: bool = True,
) -> ssl.SSLContext:
    """Create SSL context for clients that require TLS client authentication

    WARNING:
        For clients that DO NOT require client authentication,
        ssl.create_default_context should be used instead

    Args:
        cert_file: Path to SSL certificate file
        key_file: Path to private key file
        ca_file: Path to a file of concatenated CA certificates in PEM format
        ca_path: Path to a directory containing CA certificates in PEM format, following an OpenSSL specific layout
        ca_data: ASCII string of one or more PEM-encoded certificates or a bytes-like object of DER-encoded certificates
        crl_file: Path to a certificate revocation list file
        protocols: ALPN and NPN protocols accepted
        check_hostname: Server hostname match (default: {False})

    Raises:
        SSLError: Occurs if SSLContext creation fails
        FileNotFoundError: Occurs if a file path is invalid

    Returns:
        SSL context

    """
    ...

License

Copyright © 2019-2021 Vítor Vasconcellos

BSD-3-Clause

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for hvolkoff from gravatar.com hvolkoff

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: BSD License (BSD-3-Clause)
  • Author: Vítor Vasconcellos
  • Tags rsa, x509, openssl, security, certificate
  • Requires: Python >=3.6, <4.0
Classifiers

Release history Release notifications | RSS feed

This version

2.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

secure_context-2.0.0.tar.gz (11.7 kB view hashes)

Uploaded Source

Built Distributions

secure_context-2.0.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (1.0 MB view hashes)

Uploaded CPython 3.6+ manylinux: glibc 2.17+ x86-64

secure_context-2.0.0-cp36-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl (1.2 MB view hashes)

Uploaded CPython 3.6+ manylinux: glibc 2.17+ ppc64le

secure_context-2.0.0-cp36-abi3-manylinux_2_17_i686.manylinux2014_i686.whl (1.1 MB view hashes)

Uploaded CPython 3.6+ manylinux: glibc 2.17+ i686

secure_context-2.0.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl (1.0 MB view hashes)

Uploaded CPython 3.6+ manylinux: glibc 2.17+ ARM64

secure_context-2.0.0-cp36-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (1.0 MB view hashes)

Uploaded CPython 3.6+ manylinux: glibc 2.12+ x86-64

secure_context-2.0.0-cp36-abi3-manylinux_2_12_i686.manylinux2010_i686.whl (1.1 MB view hashes)

Uploaded CPython 3.6+ manylinux: glibc 2.12+ i686

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page