Python wrapper module around the OpenSSL library providing cryptographic functionality and TLS/SSL capabilities
npx @tessl/cli install tessl/pypi-pyopenssl@25.1.00
# pyOpenSSL

A Python wrapper around the OpenSSL library providing cryptographic functionality and TLS/SSL capabilities. pyOpenSSL offers `SSL.Connection` objects that wrap Python's portable sockets, Python-based callbacks, and an extensive error-handling mechanism that mirrors OpenSSL's error codes. The library serves as a high-level interface for secure network communications, certificate handling, and cryptographic operations in Python applications.

## Package Information

- **Package Name**: pyOpenSSL
- **Language**: Python
- **Installation**: `pip install pyopenssl`

## Core Imports

```python
import OpenSSL
from OpenSSL import SSL, crypto, rand, debug
```

Individual components:

```python
from OpenSSL.SSL import Context, Connection, Session
from OpenSSL.crypto import X509, PKey, X509Store, X509Name, load_certificate, dump_certificate
from OpenSSL.rand import add, status  # Deprecated
```

Version information:

```python
from OpenSSL import __version__, __title__, __author__, __uri__
```

## Basic Usage

```python
from OpenSSL import SSL, crypto
import socket

# Create an SSL context for a client connection
context = SSL.Context(SSL.TLS_CLIENT_METHOD)
context.set_default_verify_paths()
# VERIFY_PEER validates the server's certificate chain against the trust store.
# This snippet does not additionally match the certificate to the hostname.
context.set_verify(SSL.VERIFY_PEER, None)

# Create a socket and wrap it with SSL
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection = SSL.Connection(context, sock)
# Send the hostname via SNI so the server can select the matching certificate
connection.set_tlsext_host_name(b'www.example.com')
connection.connect(('www.example.com', 443))
connection.do_handshake()

# Send HTTP request
connection.send(b'GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n')
response = connection.recv(4096)
# The 4096-byte read may end mid-character, so decode tolerantly
print(response.decode(errors='replace'))

connection.close()
```

Certificate management example:

```python
from OpenSSL import crypto

# Load a certificate from file
with open('certificate.pem', 'rb') as f:
    cert_data = f.read()

cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data)

# Examine certificate properties
print("Subject:", cert.get_subject().CN)
print("Issuer:", cert.get_issuer().CN)
print("Serial Number:", cert.get_serial_number())
print("Has Expired:", cert.has_expired())
```

## Architecture

pyOpenSSL provides several modules with distinct responsibilities:

- **SSL Module**: High-level SSL/TLS connection handling with Context objects for configuration and Connection objects that wrap sockets with SSL/TLS capabilities
- **Crypto Module**: X.509 certificate operations, cryptographic key management, and certificate store operations for trust validation
- **Rand Module** (Deprecated): Random number generation utilities for backward compatibility
- **Debug Module**: Environment and build information for debugging

The library integrates with Python's cryptography library, providing conversion methods between pyOpenSSL objects and cryptography objects for interoperability. Version information is available through module-level constants.

## Capabilities

### SSL/TLS Connections

Complete SSL/TLS client and server connection handling with support for modern protocols (TLS 1.2, 1.3), DTLS, session management, and advanced features like SNI, ALPN, and OCSP stapling.

```python { .api }
class Context:
    def __init__(self, method: int): ...
    def set_verify(self, mode: int, callback=None): ...
    def use_certificate_file(self, certfile, filetype=FILETYPE_PEM): ...
    def use_privatekey_file(self, keyfile, filetype=FILETYPE_PEM): ...

class Connection:
    def __init__(self, context: Context, socket=None): ...
    def connect(self, addr): ...
    def do_handshake(self): ...
    def send(self, buf, flags=0) -> int: ...
    def recv(self, bufsiz, flags=None) -> bytes: ...
```

[SSL Connections](./ssl-connections.md)

### X.509 Certificate Management

Comprehensive X.509 certificate lifecycle management including creation, signing, verification, and parsing with support for certificate extensions, distinguished names, and certificate stores.

```python { .api }
class X509:
    def __init__(self): ...
    def get_subject(self) -> X509Name: ...
    def set_subject(self, subject: X509Name): ...
    def sign(self, pkey: PKey, digest: str): ...
    def has_expired(self) -> bool: ...

def load_certificate(type: int, buffer: bytes) -> X509: ...
def dump_certificate(type: int, cert: X509) -> bytes: ...
```

[Certificate Management](./certificate-management.md)

### Cryptographic Keys

Asymmetric key operations supporting RSA, DSA, EC, Ed25519, and Ed448 keys with generation, loading, serialization, and conversion capabilities.

```python { .api }
class PKey:
    def __init__(self): ...
    def generate_key(self, type: int, bits: int): ...
    def check(self) -> bool: ...
    def to_cryptography_key(self): ...

def load_privatekey(type: int, buffer: str | bytes, passphrase=None) -> PKey: ...
def dump_privatekey(type: int, pkey: PKey, cipher=None, passphrase=None) -> bytes: ...
```

[Cryptographic Keys](./cryptographic-keys.md)

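
An added example (not from the pyOpenSSL project or the original page) of the `cipher` and `passphrase` parameters listed above: it exports a private key encrypted at rest, shows that a wrong passphrase fails to load it, and confirms the round trip through `to_cryptography_key()`. The helper names, the `aes-256-cbc` choice, and the passphrase are constructed for illustration.

```python
from OpenSSL import crypto


def export_key(key, passphrase=None):
    """Serialise a private key to PEM, encrypted when a passphrase is given."""
    if passphrase is None:
        return crypto.dump_privatekey(crypto.FILETYPE_PEM, key)
    return crypto.dump_privatekey(
        crypto.FILETYPE_PEM, key, cipher="aes-256-cbc", passphrase=passphrase
    )


def import_key(pem, passphrase):
    """Return the PKey, or None when the passphrase does not decrypt the PEM."""
    try:
        return crypto.load_privatekey(crypto.FILETYPE_PEM, pem, passphrase=passphrase)
    except crypto.Error:
        return None


def same_key(a, b):
    """Compare two PKey objects through their cryptography equivalents."""
    return (a.to_cryptography_key().private_numbers()
            == b.to_cryptography_key().private_numbers())


# Constructed sample key and passphrase (not a real secret).
key = crypto.PKey()
key.generate_key(crypto.TYPE_RSA, 2048)
PASSPHRASE = b"constructed-example-passphrase"

plain_pem = export_key(key)               # readable by anyone who gets the file
locked_pem = export_key(key, PASSPHRASE)  # needs the passphrase to load

if __name__ == "__main__":
    print("plaintext PEM encrypted?", b"ENCRYPTED" in plain_pem)
    print("protected PEM encrypted?", b"ENCRYPTED" in locked_pem)
    print("wrong passphrase loads?", import_key(locked_pem, b"wrong") is not None)
    print("round trip matches?", same_key(import_key(locked_pem, PASSPHRASE), key))
```
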
### Certificate Verification

Certificate trust store management and verification operations with support for certificate chains, CRL checking, and custom verification policies.

```python { .api }
class X509Store:
    def __init__(self): ...
    def add_cert(self, cert: X509): ...
    def set_flags(self, flags: int): ...

class X509StoreContext:
    def __init__(self, store: X509Store, certificate: X509, chain=None): ...
    def verify_certificate(self): ...
```

[Certificate Verification](./certificate-verification.md)

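
An added example (not from the pyOpenSSL project or the original page) of the store-based verification above: it builds a constructed test PKI from minimal, extension-less certificates and shows that `X509StoreContext` anchors trust in the root's key, so a second root that merely reuses the trusted root's name does not validate. `make_cert`, `verify`, and all certificate names are illustrative assumptions.

```python
from OpenSSL import crypto


def make_cert(cn, issuer_cert=None, issuer_key=None, serial=1):
    """Return (cert, key) for a constructed test certificate.

    With no issuer the certificate is self-signed (a root).
    """
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.set_serial_number(serial)
    cert.get_subject().CN = cn
    cert.set_issuer((issuer_cert or cert).get_subject())
    cert.set_pubkey(key)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)  # valid for one hour
    cert.sign(issuer_key or key, "sha256")
    return cert, key


def verify(leaf, trusted_roots):
    """Validate `leaf` against a store that holds only `trusted_roots`."""
    store = crypto.X509Store()
    for root in trusted_roots:
        store.add_cert(root)
    try:
        crypto.X509StoreContext(store, leaf).verify_certificate()
        return True, "ok"
    except crypto.X509StoreContextError as exc:
        return False, str(exc)


# Constructed PKI: a trusted root and an untrusted root reusing the same name.
ROOT_CN = "Constructed Test Root"
trusted_ca, trusted_key = make_cert(ROOT_CN)
other_ca, other_key = make_cert(ROOT_CN)
good_leaf, _ = make_cert("svc.example.test", trusted_ca, trusted_key, serial=2)
other_leaf, _ = make_cert("svc.example.test", other_ca, other_key, serial=2)

RESULTS = {
    "issued by trusted root": verify(good_leaf, [trusted_ca]),
    "issuer name matches, key does not": verify(other_leaf, [trusted_ca]),
    "empty trust store": verify(good_leaf, []),
}

if __name__ == "__main__":
    for case, (ok, reason) in RESULTS.items():
        print(f"{case}: ok={ok} ({reason})")
```
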
### Random Number Generation (Deprecated)

Legacy random number generation utilities for entropy seeding. These functions are deprecated as modern OpenSSL handles seeding automatically.

```python { .api }
@deprecated
def add(buffer: bytes, entropy: int) -> None: ...

@deprecated
def status() -> int: ...
```

[Random Number Generation](./rand-module.md)

### Version and Debug Information

Access to package version information and OpenSSL build details for debugging and compatibility checking.

```python { .api }
__version__: str  # Package version
__title__: str  # Package name
__author__: str  # Package authors
__uri__: str  # Package homepage

# OpenSSL version information (from SSL module)
OPENSSL_VERSION: bytes  # OpenSSL version string
OPENSSL_VERSION_NUMBER: int  # OpenSSL version number
```