#1 quality TLS certs while you wait, for the discerning tester

Navigation

Verified details

These details have been verified by PyPI
Owner
organization icon The Trio Collective

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License, MIT License (MIT -or- Apache License 2.0)
  • Author: Nathaniel J. Smith
Classifiers

Project description

https://vignette2.wikia.nocookie.net/jadensadventures/images/1/1e/Kaa%27s_hypnotic_eyes.jpg/revision/latest?cb=20140310173415

You wrote a cool network client or server. It encrypts connections using TLS. Your test suite needs to make TLS connections to itself.

Uh oh. Your test suite probably doesn’t have a valid TLS certificate. Now what?

trustme is a tiny Python package that does one thing: it gives you a fake certificate authority (CA) that you can use to generate fake TLS certs to use in your tests. Well, technically they’re real certs, they’re just signed by your CA, which nobody trusts. But you can trust it. Trust me.

Vital statistics

Install: pip install -U trustme

Documentation: https://trustme.readthedocs.io

Bug tracker and source code: https://github.com/python-trio/trustme

Tested on: Python 2.7 and Python 3.5+, CPython and PyPy

License: MIT or Apache 2, your choice.

Code of conduct: Contributors are requested to follow our code of conduct in all project spaces.

Cheat sheet

import trustme

# ----- Creating certs -----

# Look, you just created your own certificate authority!
ca = trustme.CA()

# And now you issued a cert signed by this fake CA
# https://en.wikipedia.org/wiki/Example.org
server_cert = ca.issue_cert(u"test-host.example.org")

# That's it!

# ----- Using your shiny new certs -----

# You can configure SSL context objects to trust this CA:
ca.configure_trust(ssl_context)
# Or configure them to present the server certificate
server_cert.configure_cert(ssl_context)
# You can use standard library or PyOpenSSL context objects here,
# trustme is happy either way.

# ----- or -----

# Save the PEM-encoded data to a file to use in non-Python test
# suites:
ca.cert_pem.write_to_path("ca.pem")
server_cert.private_key_and_cert_chain_pem.write_to_path("server.pem")

# ----- or -----

# Put the PEM-encoded data in a temporary file, for libraries that
# insist on that:
with ca.cert_pem.tempfile() as ca_temp_path:
    requests.get("https://...", verify=ca_temp_path)

FAQ

Should I use these certs for anything real? Certainly not.

Why not just use self-signed certificates? These are more realistic. You don’t have to disable your certificate validation code in your test suite, which is good, because you want to test what you run in production, and you would never disable your certificate validation code in production, right? Plus they’re just as easy to work with. Actually easier, in many cases.

What if I want to test how my code handles some really weird TLS configuration? Sure, I’m happy to extend the API to give more control over the generated certificates, at least as long as it doesn’t turn into a second-rate re-export of everything in cryptography. (If you really need a fully general X.509 library then they do a great job at that.) Let’s talk, or send a PR.

Project details

Verified details

These details have been verified by PyPI
Owner
organization icon The Trio Collective

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License, MIT License (MIT -or- Apache License 2.0)
  • Author: Nathaniel J. Smith
Classifiers

Release history Release notifications | RSS feed

1.2.0

1.1.0

1.0.0

0.9.0

0.8.0

0.7.0

0.6.0

0.5.3

This version

0.5.2

0.5.1

0.5.0

0.4.0

0.3.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

trustme-0.5.2.tar.gz (21.8 kB view details)

Uploaded Source

Built Distribution

trustme-0.5.2-py2.py3-none-any.whl (13.9 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file trustme-0.5.2.tar.gz.

File metadata

  • Download URL: trustme-0.5.2.tar.gz
  • Upload date:
  • Size: 21.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.8.0 tqdm/4.23.4 CPython/3.6.8

File hashes

Hashes for trustme-0.5.2.tar.gz
Algorithm Hash digest
SHA256 8b804c55c7bcb5186f1f408c9da1e5fda915e6fe0142f4411ea900c380456e80
MD5 34e0f194fdec080bc139b12da01a419b
BLAKE2b-256 6425677e7bfcae24b2ad7ba3c79516d84c137e3facb87328cf762a3c457af756

See more details on using hashes here.

Provenance

File details

Details for the file trustme-0.5.2-py2.py3-none-any.whl.

File metadata

  • Download URL: trustme-0.5.2-py2.py3-none-any.whl
  • Upload date:
  • Size: 13.9 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.8.0 tqdm/4.23.4 CPython/3.6.8

File hashes

Hashes for trustme-0.5.2-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 39985bd115d9c9b4d8a8afa288b60410a792a8484205def795db569a624bcc86
MD5 cfe3eaf1fc260567eaf45d899f394c77
BLAKE2b-256 e6fe4fa04b5a57422d59fbd9cb8ab6ceed32efac6fcfae7b3d49e317bf951674

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page