{"id":1751,"library":"truststore","title":"Truststore","description":"Truststore is a Python library that enables certificate verification using native system trust stores on macOS, Windows, and Linux, providing a more secure and consistent approach to SSL/TLS. It is currently at version 0.10.4 and maintains an active release cadence with frequent bug fixes and platform improvements.","status":"active","version":"0.10.4","language":"en","source_language":"en","source_url":"https://github.com/sethmlarson/truststore","tags":["security","ssl","certificate","trust store","macos","windows","linux","networking"],"install":[{"cmd":"pip install truststore","lang":"bash","label":"Install truststore"}],"dependencies":[],"imports":[{"symbol":"inject_into_ssl","correct":"import truststore; truststore.inject_into_ssl()"},{"note":"Used to revert the global patch applied by inject_into_ssl().","symbol":"extract_from_ssl","correct":"import truststore; truststore.extract_from_ssl()"},{"note":"For explicit use, less common than global injection for most applications.","symbol":"SSLContext","correct":"from truststore import SSLContext"}],"quickstart":{"code":"import truststore\nimport requests\n\n# Call inject_into_ssl() as early as possible in your application's lifecycle.\n# This patches the default SSLContext used by many libraries (e.g., requests, httpx).\ntruststore.inject_into_ssl()\n\ntry:\n    # requests will now use the system trust store for verification\n    response = requests.get('https://www.google.com', timeout=5)\n    response.raise_for_status()\n    print(f\"Successfully connected to Google: {response.status_code}\")\nexcept requests.exceptions.RequestException as e:\n    print(f\"Error connecting: {e}\")\n","lang":"python","description":"The most common way to use truststore is by calling `truststore.inject_into_ssl()` early in your application's execution. This globally patches `ssl.SSLContext`, causing libraries like `requests` and `httpx` to automatically use the system's trust store for certificate verification. This example demonstrates making a simple request with `requests` after injection."},"warnings":[{"fix":"Ensure `truststore.inject_into_ssl()` is one of the first lines of executable code in your main script or entry point.","message":"The `truststore.inject_into_ssl()` function must be called as early as possible in your application's lifecycle, before any `ssl.SSLContext` objects are created by other libraries (e.g., `requests`, `httpx`, `urllib3`). Contexts created before injection will not use the system trust store.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Upgrade to truststore 0.10.4 or higher to resolve the thread-safety bug. If unable to upgrade, avoid using truststore in multi-threaded contexts where `SSLContext` objects are frequently configured.","message":"Versions prior to 0.10.4 had a thread-safety issue when configuring the internal `ssl.SSLContext` object, potentially leading to incorrect behavior or crashes in multi-threaded applications.","severity":"breaking","affected_versions":"<0.10.4"},{"fix":"Ensure your project's `requires_python` is set to `>=3.10` and your environment uses a compatible Python interpreter.","message":"Truststore requires Python 3.10 or newer. Attempting to install or use it on older Python versions will result in an `ImportError` or installation failure.","severity":"gotcha","affected_versions":"All versions"},{"fix":"If granular control is needed, you can use `truststore.SSLContext` directly instead of `ssl.SSLContext` for specific connections, or `truststore.extract_from_ssl()` to temporarily revert the global patch.","message":"`truststore.inject_into_ssl()` performs a global patch on the standard library's `ssl.SSLContext`. While this is often the desired behavior for broad adoption, be aware that it affects all subsequent `SSLContext` creations in the process.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Update error handling code to catch `ImportError` when `truststore` is not supported on a given platform, instead of `OSError`.","message":"Error handling for unsupported macOS versions (10.7 or earlier) changed in v0.7.0. It now raises an `ImportError` instead of an `OSError` when the module isn't supported on a given macOS system.","severity":"deprecated","affected_versions":"<0.7.0"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}