Chase authority information access (AIA) from a host certificate to complete the chain of trust.

jponf/aia-chaser

AIA Chaser

License: MIT

This package provides authority information access (AIA) chasing from a host/leaf certificate to complete its chain of trust and generate an SSL context to establish a secure connection.

Overview

AIA, an extension of the X.509 standard in RFC 5280, points a client towards two types of endpoints:

  • CA Issuers: To fetch the issuer certificate.
  • OCSP: To check the certificate's revocation status.

Thanks to this information, it is possible to complete the chain of trust of a certificate. Without AIA chasing, some HTTPS requests may fail if the endpoint does not provide all the certificates of its chain of trust.

You may have experienced this already when an HTTPS URL works in your browser but fails when using curl or Python + requests. In that case this package could be of help to you 🦮.

Examples

The following examples showcase how to use this library with some typical Python HTTP libraries.

  • Standard library's urlopen:

from urllib.request import urlopen
from aia_chaser import AiaChaser

url = "https://..."

chaser = AiaChaser()
# Build an SSL context whose trust store includes the chased chain.
context = chaser.make_ssl_context_for_url(url)
response = urlopen(url, context=context)

  • Requests:

import tempfile

import requests
from aia_chaser import AiaChaser

chaser = AiaChaser()
url = "https://..."

# requests takes a CA bundle path, so write the chased chain to a PEM file.
ca_data = chaser.fetch_ca_chain_for_url(url)
with tempfile.NamedTemporaryFile("wt") as pem_file:
    pem_file.write(ca_data.to_pem())
    pem_file.flush()
    response = requests.get(url, verify=pem_file.name)

  • urllib3:

import urllib3
from aia_chaser import AiaChaser

url = "https://..."

chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
with urllib3.PoolManager(ssl_context=context) as pool:
    response = pool.request("GET", url)

Development

First of all, you must have the following tools installed and on your $PATH.

Then, open a terminal in the project's directory and run:

make init

Acknowledgments

  • This project is based on aia.
