tessl/pypi-pyopenssl

Python wrapper module around the OpenSSL library providing cryptographic functionality and TLS/SSL capabilities

pyOpenSSL

A Python wrapper around the OpenSSL library providing cryptographic functionality and TLS/SSL capabilities. pyOpenSSL offers SSL.Connection objects that wrap Python's portable sockets, Python-based callbacks, and an extensive error-handling mechanism that mirrors OpenSSL's error codes. The library serves as a high-level interface for secure network communications, certificate handling, and cryptographic operations in Python applications.

Package Information

  • Package Name: pyOpenSSL
  • Language: Python
  • Installation: pip install pyopenssl

Core Imports

import OpenSSL
from OpenSSL import SSL, crypto, rand, debug

Individual components:

from OpenSSL.SSL import Context, Connection, Session
from OpenSSL.crypto import X509, PKey, X509Store, X509Name, load_certificate, dump_certificate
from OpenSSL.rand import add, status  # Deprecated

Version information:

from OpenSSL import __version__, __title__, __author__, __uri__

Basic Usage

from OpenSSL import SSL, crypto
import socket

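# Create an SSL context for a client connection
context = SSL.Context(SSL.TLS_CLIENT_METHOD)
context.set_default_verify_paths()
# VERIFY_PEER validates the certificate chain against the trusted CAs;
# this snippet does not check that the certificate matches the hostname
context.set_verify(SSL.VERIFY_PEER, None)

# Create a socket and wrap it with SSL
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection = SSL.Connection(context, sock)
# Send the server name (SNI) so virtual-hosted servers pick the right certificate
connection.set_tlsext_host_name(b'www.example.com')
connection.connect(('www.example.com', 443))
connection.do_handshake()

# Send HTTP request (sendall keeps writing until the whole buffer is sent)
connection.sendall(b'GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n')
response = connection.recv(4096)
print(response.decode(errors='replace'))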

connection.close()

Certificate management example:

from OpenSSL import crypto

# Load a certificate from file
with open('certificate.pem', 'rb') as f:
    cert_data = f.read()
    
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data)

# Examine certificate properties
print("Subject:", cert.get_subject().CN)
print("Issuer:", cert.get_issuer().CN)
print("Serial Number:", cert.get_serial_number())
print("Has Expired:", cert.has_expired())

Architecture

pyOpenSSL provides several modules with distinct responsibilities:

  • SSL Module: High-level SSL/TLS connection handling with Context objects for configuration and Connection objects that wrap sockets with SSL/TLS capabilities
  • Crypto Module: X.509 certificate operations, cryptographic key management, and certificate store operations for trust validation
  • Rand Module (Deprecated): Random number generation utilities for backward compatibility
  • Debug Module: Environment and build information for debugging

The library integrates with Python's cryptography library, providing conversion methods between pyOpenSSL objects and cryptography objects for interoperability. Version information is available through module-level constants.

Capabilities

SSL/TLS Connections

Complete SSL/TLS client and server connection handling with support for modern protocols (TLS 1.2, 1.3), DTLS, session management, and advanced features like SNI, ALPN, and OCSP stapling.

class Context:
    def __init__(self, method: int): ...
    def set_verify(self, mode: int, callback=None): ...
    def use_certificate_file(self, certfile, filetype=FILETYPE_PEM): ...
    def use_privatekey_file(self, keyfile, filetype=FILETYPE_PEM): ...

class Connection:
    def __init__(self, context: Context, socket=None): ...
    def connect(self, addr): ...
    def do_handshake(self): ...
    def send(self, buf, flags=0) -> int: ...
    def recv(self, bufsiz, flags=None) -> bytes: ...

X.509 Certificate Management

Comprehensive X.509 certificate lifecycle management including creation, signing, verification, and parsing with support for certificate extensions, distinguished names, and certificate stores.

class X509:
    def __init__(self): ...
    def get_subject(self) -> X509Name: ...
    def set_subject(self, subject: X509Name): ...
    def sign(self, pkey: PKey, digest: str): ...
    def has_expired(self) -> bool: ...

def load_certificate(type: int, buffer: bytes) -> X509: ...
def dump_certificate(type: int, cert: X509) -> bytes: ...

Cryptographic Keys

Asymmetric key operations supporting RSA, DSA, EC, Ed25519, and Ed448 keys with generation, loading, serialization, and conversion capabilities.

class PKey:
    def __init__(self): ...
    def generate_key(self, type: int, bits: int): ...
    def check(self) -> bool: ...
    def to_cryptography_key(self): ...

def load_privatekey(type: int, buffer: str | bytes, passphrase=None) -> PKey: ...
def dump_privatekey(type: int, pkey: PKey, cipher=None, passphrase=None) -> bytes: ...

Certificate Verification

Certificate trust store management and verification operations with support for certificate chains, CRL checking, and custom verification policies.

class X509Store:
    def __init__(self): ...
    def add_cert(self, cert: X509): ...
    def set_flags(self, flags: int): ...

class X509StoreContext:
    def __init__(self, store: X509Store, certificate: X509, chain=None): ...
    def verify_certificate(self): ...

Random Number Generation (Deprecated)

Legacy random number generation utilities for entropy seeding. These functions are deprecated as modern OpenSSL handles seeding automatically.

@deprecated
def add(buffer: bytes, entropy: int) -> None: ...
@deprecated
def status() -> int: ...

Version and Debug Information

Access to package version information and OpenSSL build details for debugging and compatibility checking.

__version__: str  # Package version
__title__: str  # Package name  
__author__: str  # Package authors
__uri__: str  # Package homepage

# OpenSSL version information (from SSL module)
OPENSSL_VERSION: bytes  # OpenSSL version string
OPENSSL_VERSION_NUMBER: int  # OpenSSL version number

Describes: pypipkg:pypi/pyopenssl@25.1.x