Python wrapper module around the OpenSSL library providing cryptographic functionality and TLS/SSL capabilities
—
A Python wrapper around the OpenSSL library providing cryptographic functionality and TLS/SSL capabilities. pyOpenSSL offers SSL.Connection objects that wrap Python's portable sockets, Python-based callbacks, and an extensive error-handling mechanism that mirrors OpenSSL's error codes. The library serves as a high-level interface for secure network communications, certificate handling, and cryptographic operations in Python applications.
pip install pyopenssl

import OpenSSL
from OpenSSL import SSL, crypto, rand, debug

Individual components:
from OpenSSL.SSL import Context, Connection, Session
from OpenSSL.crypto import X509, PKey, X509Store, X509Name, load_certificate, dump_certificate
from OpenSSL.rand import add, status # Deprecated

Version information:

from OpenSSL import __version__, __title__, __author__, __uri__

from OpenSSL import SSL, crypto
import socket
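# Host used for the TCP connection, the SNI extension and the Host header,
# kept in one place so the three cannot drift apart.
hostname = 'www.example.com'

# Create an SSL context for a client connection
context = SSL.Context(SSL.TLS_CLIENT_METHOD)
# Trust the platform's default CA locations and require a valid server chain.
context.set_default_verify_paths()
context.set_verify(SSL.VERIFY_PEER, None)

# Create a socket and wrap it with SSL
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection = SSL.Connection(context, sock)
# Send the server name (SNI) so a server hosting several sites presents the
# certificate that belongs to this host.
connection.set_tlsext_host_name(hostname.encode('ascii'))
connection.connect((hostname, 443))
# Chain verification runs during the handshake; a failure raises SSL.Error.
connection.do_handshake()
# NOTE: SSL.VERIFY_PEER validates the certificate chain only. It does not
# check that the certificate was issued for `hostname`, so any certificate
# from a trusted CA is accepted at this point. Add a hostname check before
# sending data (the service_identity package provides one for pyOpenSSL
# connections).

# Send HTTP request
connection.send(b'GET / HTTP/1.0\r\nHost: ' + hostname.encode('ascii') + b'\r\n\r\n')
# A single recv returns at most 4096 bytes, possibly only part of the response.
response = connection.recv(4096)
print(response.decode())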
connection.close()

Certificate management example:
from OpenSSL import crypto
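# Load a certificate from file
with open('certificate.pem', 'rb') as f:
    cert_data = f.read()
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data)

# Examine certificate properties.
# Parsing does not validate anything: these fields are read straight from the
# file and say nothing about whether the certificate is genuine or trusted.
# Use X509StoreContext.verify_certificate() against a trust store for that.
# CN is None when the name carries no commonName attribute.
print("Subject:", cert.get_subject().CN)
print("Issuer:", cert.get_issuer().CN)
print("Serial Number:", cert.get_serial_number())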
print("Has Expired:", cert.has_expired())

pyOpenSSL provides several modules with distinct responsibilities:
The library integrates with Python's cryptography library, providing conversion methods between pyOpenSSL objects and cryptography objects for interoperability. Version information is available through module-level constants.
Complete SSL/TLS client and server connection handling with support for modern protocols (TLS 1.2, 1.3), DTLS, session management, and advanced features like SNI, ALPN, and OCSP stapling.
# Context carries the TLS settings that the methods below configure:
# protocol method, verification mode, certificate and private key.
class Context:
def __init__(self, method: int): ...
# mode is built from the SSL.VERIFY_* constants. A client needs
# SSL.VERIFY_PEER for the server's chain to be checked; under OpenSSL's
# default mode the handshake completes even with an untrusted certificate.
# set_verify on its own does not match the certificate against a hostname.
def set_verify(self, mode: int, callback=None): ...
def use_certificate_file(self, certfile, filetype=FILETYPE_PEM): ...
# keyfile holds secret material; keep it readable only by the account that
# runs the service.
def use_privatekey_file(self, keyfile, filetype=FILETYPE_PEM): ...
# Connection runs TLS over a socket using the settings of the Context it is
# created with.
class Connection:
def __init__(self, context: Context, socket=None): ...
def connect(self, addr): ...
# NOTE(review): listed without `self`, unlike its siblings; it is an instance
# method. The peer verification configured on the Context is enforced during
# the handshake, and a failure is reported as an exception.
def do_handshake(): ...
# Returns the number of bytes written, which callers should compare with
# len(buf) rather than assume the whole buffer was sent.
def send(self, buf, flags=0) -> int: ...
def recv(self, bufsiz, flags=None) -> bytes: ...

Comprehensive X.509 certificate lifecycle management including creation, signing, verification, and parsing with support for certificate extensions, distinguished names, and certificate stores.
# X509 represents one certificate. The methods are listed without `self`;
# they are instance methods.
class X509:
def __init__(): ...
def get_subject() -> X509Name: ...
def set_subject(subject: X509Name): ...
# digest is the hash name as a string (for example 'sha256'). Avoid 'md5' and
# 'sha1', which are no longer collision-resistant.
def sign(pkey: PKey, digest: str): ...
# An expiry check only: it says nothing about the signature, the issuer or
# whether the certificate chains to a trusted root.
def has_expired() -> bool: ...
# Parses a certificate from buffer; type is one of the crypto.FILETYPE_*
# constants. Parsing does not verify the certificate, so treat the returned
# object as untrusted input until it has been verified against a trust store.
def load_certificate(type: int, buffer: bytes) -> X509: ...
def dump_certificate(type: int, cert: X509) -> bytes: ...

Asymmetric key operations supporting RSA, DSA, EC, Ed25519, and Ed448 keys with generation, loading, serialization, and conversion capabilities.
# PKey holds an asymmetric key. The methods are listed without `self`; they
# are instance methods.
class PKey:
def __init__(): ...
# type selects the algorithm through the crypto.TYPE_* constants and bits is
# the key size. RSA keys below 2048 bits are too weak for current use.
def generate_key(type: int, bits: int): ...
# NOTE(review): in pyOpenSSL this consistency check applies to RSA private
# keys; confirm the behaviour for other key types before relying on it.
def check() -> bool: ...
# Converts to the matching key object of the cryptography library.
def to_cryptography_key(): ...
# Loads a private key from buffer; passphrase is needed when the key is stored
# encrypted. Its counterpart dump_privatekey defaults to cipher=None and
# passphrase=None in this listing, which writes the key unencrypted; pass both
# when the output is stored or leaves the process.
def load_privatekey(type: int, buffer: str | bytes, passphrase=None) -> PKey: ...
def dump_privatekey(type: int, pkey: PKey, cipher=None, passphrase=None) -> bytes: ...

Certificate trust store management and verification operations with support for certificate chains, CRL checking, and custom verification policies.
# X509Store is the set of certificates that verification treats as trusted.
# The methods are listed without `self`; they are instance methods.
class X509Store:
def __init__(): ...
# Every certificate added here becomes trusted. Add only vetted CA
# certificates; untrusted intermediates belong in the `chain` argument of
# X509StoreContext instead.
def add_cert(cert: X509): ...
# Verification options such as CRL checking are off unless enabled here.
def set_flags(flags: int): ...
# X509StoreContext verifies one certificate against a store. chain carries
# untrusted intermediates used only to build the path. verify_certificate()
# reports failure by raising X509StoreContextError, not by a return value, so
# a call that is wrapped in a broad `except` can hide a failed verification.
class X509StoreContext:
def __init__(store: X509Store, certificate: X509, chain=None): ...
def verify_certificate(): ...

Legacy random number generation utilities for entropy seeding. These functions are deprecated as modern OpenSSL handles seeding automatically.
# Mixes caller-supplied bytes into OpenSSL's random pool; entropy is
# presumably the caller's estimate of the randomness in buffer (confirm
# against the library documentation). Marked deprecated: new code should not
# seed OpenSSL by hand, and should take keys and tokens from the operating
# system's generator (os.urandom or the secrets module).
@deprecated
def add(buffer: bytes, entropy: int) -> None: ...
@deprecated
def status() -> int: ...

Access to package version information and OpenSSL build details for debugging and compatibility checking.
# Package metadata exported by the OpenSSL package.
__version__: str # Package version
__title__: str # Package name
__author__: str # Package authors
__uri__: str # Package homepage
# OpenSSL version information (from SSL module)
# These describe the OpenSSL library the process is linked against, which is
# what matters when checking whether a deployment carries a patched OpenSSL.
# NOTE(review): in pyOpenSSL, OPENSSL_VERSION appears to be the integer
# selector passed to SSL.OpenSSL_version(), which returns the version string
# as bytes. Verify against the installed release before relying on the
# annotation below.
OPENSSL_VERSION: bytes # OpenSSL version string
OPENSSL_VERSION_NUMBER: int # OpenSSL version number

Install with Tessl CLI
npx tessl i tessl/pypi-pyopenssl