security/py-truststore: Add py-truststore 0.7.0

Truststore is a library which exposes native system certificate stores (i.e.
"trust stores") through an ssl.SSLContext-like API. This means that Python
applications no longer need to rely on certifi as a root certificate store.
Native system certificate stores have many helpful features compared to a static
certificate bundle like certifi:
- Automatically update certificates as new CAs are created and removed
- Fetch missing intermediate certificates
- Check certificates against certificate revocation lists (CRLs) to avoid
  monster-in-the-middle (MITM) attacks
- Managed per-system rather than per-application by an operations/IT team
- PyPI is no longer a CA distribution channel

Right now truststore is a stand-alone library that can be installed globally in
your application to immediately take advantage of the benefits in Python 3.10+.
Truststore has also been integrated into pip as an opt-in method for verifying
HTTPS certificates with truststore instead of certifi.

Long-term the hope is to make truststore the default way to verify HTTPS
certificates in pip and to add this functionality into Python itself. Wish us
luck!
Po-Chuan Hsieh 2023-08-17 02:06:51 +08:00
parent 96195f8763
commit a5abdadcbd
No known key found for this signature in database
GPG key ID: 9A4BD10F002DD04B
4 changed files with 46 additions and 0 deletions


@ -1037,6 +1037,7 @@
SUBDIR += py-tlslite-ng SUBDIR += py-tlslite-ng
SUBDIR += py-trezor SUBDIR += py-trezor
SUBDIR += py-trustme SUBDIR += py-trustme
SUBDIR += py-truststore
SUBDIR += py-tuf SUBDIR += py-tuf
SUBDIR += py-txtorcon SUBDIR += py-txtorcon
SUBDIR += py-uhashring SUBDIR += py-uhashring


@ -0,0 +1,22 @@
PORTNAME= truststore
PORTVERSION= 0.7.0
CATEGORIES= security python
MASTER_SITES= PYPI
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
MAINTAINER= sunpoet@FreeBSD.org
COMMENT= Verify certificates using native system trust stores
WWW= https://truststore.readthedocs.io/en/latest/ \
https://github.com/sethmlarson/truststore
LICENSE= MIT
LICENSE_FILE= ${WRKSRC}/LICENSE
BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flit-core>=3.2<4:devel/py-flit-core@${PY_FLAVOR}
USES= python:3.10+ ssl
USE_PYTHON= autoplist concurrent pep517
NO_ARCH= yes
.include <bsd.port.mk>
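Review bot: On the `USES= python:3.10+ ssl` line, the `ssl` argument looks unnecessary next to `NO_ARCH= yes` and a single flit-core build dependency: nothing in this Makefile compiles or links against a TLS library, and the Python `ssl` module that the package builds on ships with the interpreter. Consider dropping `ssl` unless the build or runtime is shown to need it. Separately, no test dependencies or test target are declared, so `make test` cannot exercise the certificate verification code; if the sdist includes upstream's test suite, wiring it up would be worthwhile for a port in the security category.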


@ -0,0 +1,3 @@
TIMESTAMP = 1691069906
SHA256 (truststore-0.7.0.tar.gz) = 72e784507a624375434381e4bad3eff8614bc8c845a7f5ae16a25a2624d0683f
SIZE (truststore-0.7.0.tar.gz) = 14983


@ -0,0 +1,20 @@
Truststore is a library which exposes native system certificate stores (ie
"trust stores") through an ssl.SSLContext-like API. This means that Python
applications no longer need to rely on certifi as a root certificate store.
Native system certificate stores have many helpful features compared to a static
certificate bundle like certifi:
- Automatically update certificates as new CAs are created and removed
- Fetch missing intermediate certificates
- Check certificates against certificate revocation lists (CRLs) to avoid
monster-in-the-middle (MITM) attacks
- Managed per-system rather than per-application by a operations/IT team
- PyPI is no longer a CA distribution channel
Right now truststore is a stand-alone library that can be installed globally in
your application to immediately take advantage of the benefits in Python 3.10+.
Truststore has also been integrated into pip as an opt-in method for verifying
HTTPS certificates with truststore instead of certifi.
Long-term the hope is to make truststore the default way to verify HTTPS
certificates in pip and to add this functionality into Python itself. Wish us
luck!
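Review bot: The closing part of this pkg-descr, from "Right now truststore is a stand-alone library" through "Wish us luck!", is upstream's project status and roadmap rather than a description of what the port installs, and it will go stale as pip and Python change; suggest trimming the description to the opening paragraph and the feature list. In the text that stays, "ie" should read "i.e." and "a operations/IT team" should read "an operations/IT team".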