Hi, I'm working on a couple of improvements for the ssl module: http://bugs.python.org/issue17134 http://bugs.python.org/issue18138 http://bugs.python.org/issue18143 http://bugs.python.org/issue18147 #17134 is going to provide a way to use Window's crypt32.dll to load CA certs from Window's CA cert storage. I have a working proof of concept [1] that uses ctypes to interface crypt32.dll. I'll reimplement the code in C. #18138 implements the bits and pieces for #17134 in order to add DER and PEM certs from memory (ASCII unicode or Py_Buffer). Until now the ssl module can only load files from the file system. #18143 and #18147 are diagnostic and debugging helpers that I would like to add. The SSLContext() object is black box. You stuff in some PEM files and don't know which CA certs have been loaded. The enhancements implement a function to retrieve a list of CA certs (same format as getpeercert()) and list of default CA locations for the platform. I'm also thinking about OCSP support and X509v3 extension support for _decode_certificate(). Both are a PITB ... Python has an easier and better documented C API. Question: What's the minimum version of OpenSSL Python 3.4 is going to support? Do we have an easy way to compile and link Python against a custom installation of OpenSSL or do I have to fiddle around with CPPFLAGS and CFLAGS? Christian [1] https://pypi.python.org/pypi/wincertstore