alihan/pip-system-certs
1
0
Fork 0
mirror of https://gitlab.com/alelec/pip-system-certs.git synced 2024-03-10 03:47:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
22 Commits 4 Branches 15 Tags
master
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.rst 

================
pip-system-certs
================

This package patches pip and requests at runtime to use certificates from the default system store (rather than the bundled certs ca).

This will allow pip to verify tls/ssl connections to servers who's cert is trusted by your system install.

Simply install with::

  pip install pip_system_certs

and pip should trust your https sites if your host os does.

This also extends to all direct uses of the requests library (and other packages that use requests)

Compatibility
-------------
``pip-system-certs`` uses a live-patching system to target the ``requests`` library and force it
to use `ssl_context.load_default_certs()<https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_default_certs>`_

This should work for any package that uses ``requests`` behind the scenes for web communication,
however a patching system is often unreliable so if you find something that doesn't work,
feel free to raise an issue on https://gitlab.com/alelec/pip-system-certs/-/issues

As the underlying support is provided by the official python ``ssl`` module it _should_ work
on any platform officially supported by python. That being said, different platforms do handle
ssl certificates quite differently so compatibility issues may arise.

Known Issues
------------
* ``conda`` virtual environments on Linux install a separate ssl certificate store which is then
used, preventing this package from seeing certificates installed in the system store.

PyInstaller
-----------
The method used to automatically enable the cert handling in requests/pip/etc relies on a ``.pth``
file script that python loads at startup. This method does not work when a python application is
bundled into an executable with PyInstaller (or similar).

If you want to use this tool in an application built with PyInstaller it will need to be manually
enabled in your application.

This can be done by adding the following line to the top of your main application script::

    import pip_system_certs.wrapt_requests

This must be run before ``requests`` is imported.

Acknowledgements
----------------
The method of patching at runtime is built from the autowrapt module: https://pypi.python.org/pypi/autowrapt
Description
Live patches pip and requests to use system certs by default
Readme BSD-2-Clause 63 KiB
Languages
Python 83.7%
Shell 16.3%