Utilities for creation of SSL/TLS security contexts for servers and clients
Project description
Secure Context
Utilities for creation of SSL/TLS security contexts for servers and clients
The purpose of this module is to expose, simple to use, secure definitions that follow current, community agreed, standards. As of now it offers methods for creation of client and server secure contexts.
It is STRONGLY RECOMMENDED that you READ the CODE BEFORE considering USING this library. I am NOT RESPONSIBLE if your product is hacked or cats become humans overlords due to usage of this code.
Documentation
Currently, only two functions are exported:
def create_server_ssl_context(
cert_file: Union[Path, str],
key_file: Union[Path, str],
*,
ca_file: Optional[Union[Path, str]] = None,
ca_path: Optional[Union[Path, str]] = None,
ca_data: Optional[Union[bytes, str]] = None,
crl_file: Optional[Union[Path, str]] = None,
protocols: Optional[List[str]] = None,
ca_load_default: bool = False,
) -> ssl.SSLContext:
"""Create SSL context for TLS servers
Args:
cert_file: Path to SSL certificate file
key_file: Path to private key file
ca_file: Path to a file of concatenated CA certificates in PEM format
ca_path: Path to a directory containing CA certificates in PEM format, following an OpenSSL specific layout
ca_data: ASCII string of one or more PEM-encoded certificates or a bytes-like object of DER-encoded certificates
crl_file: Path to a certificate revocation list file
protocols: ALPN and NPN protocols accepted
ca_load_default: Whether to load system defaults (default: {False})
Note:
If any of `ca_file`, `ca_path`, `ca_data` are defined client authentication will be enabled, which requires all
clients to provide a accepted certificate to connect to the server.
Raises:
SSLError: Occurs if SSLContext creation fails
FileNotFoundError: Occurs if a file path is invalid
Returns:
SSL context
"""
...
def create_client_authentication_ssl_context(
cert_file: Union[Path, str],
key_file: Union[Path, str],
*,
ca_file: Optional[Union[Path, str]] = None,
ca_path: Optional[Union[Path, str]] = None,
ca_data: Optional[Union[bytes, str]] = None,
crl_file: Optional[Union[Path, str]] = None,
protocols: Optional[List[str]] = None,
check_hostname: bool = True,
) -> ssl.SSLContext:
"""Create SSL context for clients that require TLS client authentication
WARNING:
For clients that DO NOT require client authentication,
ssl.create_default_context should be used instead
Args:
cert_file: Path to SSL certificate file
key_file: Path to private key file
ca_file: Path to a file of concatenated CA certificates in PEM format
ca_path: Path to a directory containing CA certificates in PEM format, following an OpenSSL specific layout
ca_data: ASCII string of one or more PEM-encoded certificates or a bytes-like object of DER-encoded certificates
crl_file: Path to a certificate revocation list file
protocols: ALPN and NPN protocols accepted
check_hostname: Server hostname match (default: {False})
Raises:
SSLError: Occurs if SSLContext creation fails
FileNotFoundError: Occurs if a file path is invalid
Returns:
SSL context
"""
...
License
Copyright © 2019-2021 Vítor Vasconcellos
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for secure_context-2.0.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2f48e606dd070f075aeeb6a9c2c332c240c6cf142d185f08770d4c47466cbb7e |
|
MD5 | 948dfb6c27b2e39936569b4b792386fa |
|
BLAKE2b-256 | 7616d1750322e00d6074a6355b036f876f4f5a83f81144025852e4efa5a449e1 |
Hashes for secure_context-2.0.0-cp36-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 62306361f12ba7bef72847f62052433682ad632cb32b2f8477149baf636f7705 |
|
MD5 | 19f1c778947749c214bcd542690e2302 |
|
BLAKE2b-256 | 8ec547813379e1f83f3b0d0a4617c3e2b6bba9344a117d7c745db40ea40256b4 |
Hashes for secure_context-2.0.0-cp36-abi3-manylinux_2_17_i686.manylinux2014_i686.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8bdd98f14a3203ace5bb970432c4f0d1ab0348bde754412248edfb77ce52917e |
|
MD5 | bf7a08c07949ac2f2cdcf31aeeafad0d |
|
BLAKE2b-256 | 9c4ad0d0448ae31eba3eb4c9ba7dac9f78459fbb4eaec0bcee7940c37c429371 |
Hashes for secure_context-2.0.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8ce45519154355565efdda3c85449a6536e1331bd59bdc555f34adeb36324859 |
|
MD5 | d56b2d601fc2281d1e570dcec5f470a1 |
|
BLAKE2b-256 | 2e32b662e237489d7ade0c884d9ed4549659d263b0c3375b9e6e3c63340af2ac |
Hashes for secure_context-2.0.0-cp36-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0ca8a9f80003fda806a2e1d7bbba5c06baf1648bbb6d17a458dda60373d61722 |
|
MD5 | d715113d676676246f8a56b38ab222ee |
|
BLAKE2b-256 | fdefc2cf505bb366613619d294058e928028b17fe372b879bf4d3b8f5e1591eb |
Hashes for secure_context-2.0.0-cp36-abi3-manylinux_2_12_i686.manylinux2010_i686.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9ddadc0a896e12ade9935160df3421e1c07f3cb7116b4674cfc1eed403d68321 |
|
MD5 | e1ddafc154368a87825f1718d9ffea4f |
|
BLAKE2b-256 | 7757215071ee5b91c3b1da70a3d06ecfbe1361a26c58b3c5781c14d7625d0277 |