A Python port of the Invisible Internet Project (I2P)
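"""SSL context factory for I2P connections.

Creates ssl.SSLContext instances with appropriate settings for I2P use:
TLS 1.2+ minimum, optional hostname verification toggle.

Ported from net.i2p.util.I2PSSLSocketFactory.
"""

from __future__ import annotations

import ssl


def create_ssl_context(
    trust_store: str | None = None,
    verify_hostname: bool = True,
) -> ssl.SSLContext:
    """Create a client-side SSL context for I2P use.

    The returned context always requires the peer to present a certificate
    that chains to a trusted CA (``ssl.CERT_REQUIRED``). ``verify_hostname``
    controls only whether the certificate is additionally matched against
    the server name; turning it off does not turn off chain validation, so
    the peer is still authenticated against the configured trust anchors.
    An endpoint with a self-signed or privately issued certificate must have
    that certificate (or its issuing CA) supplied through ``trust_store``.

    Args:
        trust_store: Path to CA certificate file. If None (or an empty
            string), uses system CAs.
        verify_hostname: Whether to verify hostnames. Disable for .i2p.

    Returns:
        A configured ``ssl.SSLContext`` with a TLS 1.2 protocol floor.

    Raises:
        Whatever ``SSLContext.load_verify_locations`` raises when
        ``trust_store`` cannot be read or parsed; the error is propagated
        unchanged.
    """
    # PROTOCOL_TLS_CLIENT starts with check_hostname=True and
    # verify_mode=CERT_REQUIRED; both are left in place unless relaxed below.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2

    if trust_store:
        ctx.load_verify_locations(trust_store)
    else:
        ctx.load_default_certs()

    if not verify_hostname:
        # Relax name matching only. verify_mode deliberately stays at
        # CERT_REQUIRED: dropping it to CERT_NONE would accept any
        # certificate from any peer and make the trust store loaded above
        # irrelevant, which is broader than a "hostname" switch implies.
        ctx.check_hostname = False

    return ctx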