.. note that this README gets 'include'ed into the main documentation
.. image:: https://vignette2.wikia.nocookie.net/jadensadventures/images/1/1e/Kaa%27s_hypnotic_eyes.jpg/revision/latest?cb=20140310173415 :width: 200px :align: right
You wrote a cool network client or server. It encrypts connections
TLS <https://en.wikipedia.org/wiki/Transport_Layer_Security>__. Your test
suite needs to make TLS connections to itself.
Uh oh. Your test suite probably doesn't have a valid TLS certificate. Now what?
trustme is a tiny Python package that does one thing: it gives you
certificate authority (CA) that you can use to generate fake TLS certs
to use in your tests. Well, technically they're real certs, they're
just signed by your CA, which nobody trusts. But you can trust
it. Trust me.
pip install -U trustme
Bug tracker and source code: https://github.com/python-trio/trustme
Tested on: Python 2.7 and Python 3.5+, CPython and PyPy
License: MIT or Apache 2, your choice.
Code of conduct: Contributors are requested to follow our
code of conduct <https://github.com/python-trio/trustme/blob/master/CODE_OF_CONDUCT.md>__
in all project spaces.
.. code-block:: python
ca = trustme.CA()
server_cert = ca.issue_cert(u"test-host.example.org")
with ca.cert_pem.tempfile() as ca_temp_path: requests.get("https://...", verify=ca_temp_path)
Should I use these certs for anything real? Certainly not.
Why not just use self-signed certificates? These are more realistic. You don't have to disable your certificate validation code in your test suite, which is good, because you want to test what you run in production, and you would never disable your certificate validation code in production, right? Plus they're just as easy to work with. Actually easier, in many cases.
What if I want to test how my code handles some really weird TLS
configuration? Sure, I'm happy to extend the API to give more
control over the generated certificates, at least as long as it
doesn't turn into a second-rate re-export of everything in
cryptography <https://cryptography.io>. (If you really need a
fully general X.509 library then they do a great job at that.)
Let's talk <https://github.com/python-trio/trustme/issues/new>, or send a