truststore

What's Changed

• Fixed an issue for CPython 3.13 where ssl.SSLSocket and ssl.SSLObject certificate chain APIs would return different types by @sethmlarson in https://github.com/sethmlarson/truststore/pull/137

Full Changelog: https://github.com/sethmlarson/truststore/compare/v0.9.0...v0.9.1

What's Changed

• Add explicit support for Python 3.13 by @sethmlarson in https://github.com/sethmlarson/truststore/pull/132
• Fix loading of additional certificates for macOS by @sethmlarson in https://github.com/sethmlarson/truststore/pull/134
• Raise a better exception when peer sends no certificates on Windows by @sethmlarson in https://github.com/sethmlarson/truststore/pull/135

New Contributors

• @mgorny made their first contribution in https://github.com/sethmlarson/truststore/pull/111
• @stefanor made their first contribution in https://github.com/sethmlarson/truststore/pull/120

Full Changelog: https://github.com/sethmlarson/truststore/compare/v0.8.0...v0.9.0

• Added support for PyPy 3.10 by @sethmlarson in https://github.com/sethmlarson/truststore/pull/113

Full Changelog: https://github.com/sethmlarson/truststore/compare/v0.7.0...v0.8.0

• Changed the error raised when using an unsupported macOS version (10.7 or earlier) from an OSError to an ImportError to match the error raised in other situations where the module isn't supported.

• Fixed issue where a RecursionError that would be raised when setting SSLContext.minimum_version or .maximum_version.

Truststore is now beta! Truststore will be made the default in a future pip release.

• Added inject_into_ssl() and extract_from_ssl() to enable Truststore for all packages using ssl.SSLContext automatically.
• Added support for setting check_hostname, verify_mode, and verify_flags.
• Added pass-through implementations for many ssl.SSLContext methods like load_cert_chain(), set_alpn_protocols(), etc.

• Support for using truststore was released with pip v22.2!
  You can read more here about how to help us test truststore.
• Added David Glick as an author in packaging metadata.
• Added documentation for how to use truststore with urllib3, Requests, aiohttp, and pip.
• Changed macOS SecureTransport error handling to raise as ssl.SSLError with
  message from the OS.

⚠️ This package is experimental and shouldn't be used in applications

• Added more descriptive error messages to ssl.SSLCertVerificationError determined by the OS on macOS and Windows.
• Changed Windows to follow SSLContext.verify_flags for strictly checking CRLs instead of checking CRLs strictly by default.

⚠️ This package is experimental and shouldn't be used in applications

• Added support for loading extra CA certificates via SSLContext.load_verify_locations().
• Added type hints.
• Changed the name of TruststoreSSLContext to SSLContext.
• Changed certificate hostname verification to rely on macOS and Windows instead of OpenSSL.
• Fixed the order default certificates are loaded for OpenSSL backend.

⚠️ This package is experimental and shouldn't be used in applications

• Added support for Windows via CryptoAPI (Contributed by @davisagli)

⚠️ This package is experimental and shouldn't be used in applications

• Initial release with support for macOS and Linux.