Metadata-Version: 2.4
Name: pip_system_certs
Version: 5.0
Summary: Automatically configures Python to use system certificates via truststore
Author-email: Andrew Leech <andrew@alelec.net>
License-Expression: BSD-3-Clause
Project-URL: Homepage, https://gitlab.com/alelec/pip-system-certs
Project-URL: Repository, https://gitlab.com/alelec/pip-system-certs
Project-URL: Issues, https://gitlab.com/alelec/pip-system-certs/-/issues
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Security :: Cryptography
Requires-Python: >=3.10
Description-Content-Type: text/x-rst
License-File: LICENSE
Requires-Dist: truststore>=0.8.0
Dynamic: license-file

================
pip-system-certs
================

This package automatically configures Python to use system certificates from the OS certificate store instead of the bundled certificates via the ``truststore`` library.

This allows pip and Python applications to verify TLS/SSL connections to servers whose certificates are trusted by your system.

Simply install with::

  pip install pip_system_certs

and Python will automatically use your system's certificate store for all SSL verification.

This works for pip, requests, urllib3, and any other Python library that uses the standard SSL context.

Requirements
------------
* Python 3.10 or higher
* ``truststore`` library (installed automatically)

Compatibility
-------------
``pip-system-certs`` uses the ``truststore`` library to inject system certificate verification 
into Python's SSL context. This provides native OS integration using:

* **macOS**: Security framework
* **Windows**: CryptoAPI  
* **Linux**: OpenSSL with system certificate stores

This approach is more reliable than monkey-patching and automatically works with any Python 
library that uses SSL (requests, urllib3, httpx, etc.). The ``truststore`` library is the 
same technology now used by pip 24.2+ by default.

If you encounter issues, please report them at https://gitlab.com/alelec/pip-system-certs/-/issues

Known Issues
------------
* ``conda`` virtual environments on Linux may install a separate SSL certificate store which 
  takes precedence over the system store, potentially preventing this package from accessing 
  system-installed certificates.

PyInstaller
-----------
The automatic certificate configuration relies on a ``.pth`` file that Python loads at startup. 
This method does not work when bundling applications with PyInstaller or similar tools.

For PyInstaller applications, manually enable system certificates by adding this line early 
in your main script::

    import pip_system_certs.wrapt_requests; pip_system_certs.wrapt_requests.inject_truststore()

This must be called before any SSL connections are made.

Architecture
------------
This package uses a bootstrap system to automatically inject ``truststore`` into Python's SSL 
context at startup:

1. A ``.pth`` file triggers the bootstrap when Python starts
2. The bootstrap calls ``truststore.inject_into_ssl()`` to configure system certificates
3. All subsequent SSL connections use the system certificate store

Acknowledgements
----------------
This package now uses the ``truststore`` library by Seth Michael Larson for system certificate 
integration: https://pypi.org/project/truststore/

The bootstrap system was originally inspired by the autowrapt module.
