This package provides authority information access (AIA) chasing from a host/leaf certificate to complete its chain of trust and generate an SSL context to establish a secure connection.
AIA, an extension of the X509 standard in RFC 5280, points a client towards two types of endpoints:
- CA Issuers: To fetch the issuer certificate.
- OSCP: To check the certificate's revocation status.
Thanks to this information, it is possible to complete the chain of trust of a certificate. Without AIA chasing, some HTTPS requests may fail if the endpoint does not provide all the certificates of its chain of trust.
You may have experienced that already when some HTTPS URL works on your
browser but fail when using curl or Python + requests. Then this
package could be of help to you 🦮.
The following examples showcase how to use this library with some typical Python HTTP libraries.
- Standard library's urlopen:
from urllib.request import urlopen
from aia_chaser import AiaChaser
url = "https://..."
chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
response = urlopen(url, context=context)- Using Requests: HTTP for Humans:
import requests
from aia_chaser import AiaChaser
chaser = AiaChaser()
url = "https://..."
context = chaser.make_ssl_context_for_url(url)
ca_data = chaser.fetch_ca_chain_for_url(url)
with tempfile.NamedTemporaryFile("wt") as pem_file:
pem_file.write(ca_data.to_pem())
pem_file.flush()
response = requests.get(url, verify=pem_file.name)- Using urllib3:
import urllib3
from aia_chaser import AiaChaser
url = "https://..."
chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
with urllib3.PoolManager(ssl_context=context) as pool:
respone = pool.request("GET", url)First of all, you must have the following tools installed and on
your $PATH.
Then, open a terminal on the project's directory and run:
make init- This project is based on aia.