Skip to content

AIA Chaser

Poetry License: MIT Linter: Ruff Code style: black Imports: isort pre-commit

PyPI - Version PyPI - Python Version

Read the Docs

This package helps automatically retrieve missing certificates to complete a secure SSL chain of trust. It ensures that even if a server doesn’t provide the full certificate chain, your connection remains secure.

What is AIA Chasing?

AIA (Authority Information Access) is a feature in SSL certificates, defined in RFC 5280, that points to:

  • CA Issuers – To fetch missing issuer certificates.
  • OCSP – To check if a certificate has been revoked.

By following these links, this package helps fill in the gaps, ensuring your SSL connections don’t fail due to missing certificates.

Why Does This Matter?

Sometimes, a website works fine in your browser but fails when using curl or Python’s requests library. That is because browsers often handle AIA chasing automatically, while other tools don’t. If you’ve run into SSL errors like this, this package can help! :guide_dog:.

Examples

The following examples showcase how to use this library with some typical Python HTTP libraries.

  • Standard library’s urlopen:
from urllib.request import urlopen
from aia_chaser import AiaChaser

url = "https://..."

chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
response = urlopen(url, context=context)

import requests
from aia_chaser import AiaChaser
from aia_chaser.utils.cert_utils import temp_pem_file

url = "https://..."

chaser = AiaChaser()
ca_chain = chaser.fetch_ca_chain_for_url(url)
with temp_pem_file(ca_chain) as pem_path:
    response = requests.get(url, verify=str(pem_path))

import urllib3
from aia_chaser import AiaChaser

url = "https://..."

chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
with urllib3.PoolManager(ssl_context=context) as pool:
    respone = pool.request("GET", url)

import httpx
from aia_chaser import AiaChaser

url = "https://..."

chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
# Note: httpx does not follow redirects by default
with httpx.Client(verify=context, follow_redirects=True) as client:
    response = client.get(url)

import aiohttp
from aia_chaser import AiaChaser

url = "https://..."

chaser = AiaChaser()
context = chaser.make_ssl_context_for_url(url)
async with aiohttp.ClientSession() as session:
    async with session.get(url, ssl=context) as response:
        data = await response.text()

import pycurl
from aia_chaser import AiaChaser
from aia_chaser.utils.cert_utils import temp_pem_file

url = "https://..."

chaser = AiaChaser()
ca_chain = chaser.fetch_ca_chain_for_url(url)
with temp_pem_file(ca_chain) as pem_path:
    curl = pycurl.Curl()
    curl.setopt(pycurl.URL, url)
    curl.setopt(pycurl.CAINFO, str(pem_path))
    curl.perform()
    curl.close()

Acknowledgments

  • This project is based on aia.