Jan. 22, 2014
2:45 p.m.
On 22.01.2014 15:36, Donald Stufft wrote:
Last time I tried the reasoning was that Python couldn’t ship root certs and we couldn’t get to the OS certs everywhere. Thanks to you this is fixed now, so “once more unto the breach”.
The Windows situation is still not perfect, though. I'd love to use Chrome's approach and directly hook Windows' crypt32 API into OpenSSL verify function. That would trigger automatic retrieval of unknown root certs and CRL checks.