[Catalog-sig] Access to Windows' cert store

M.-A. Lemburg mal at egenix.com
Thu Mar 21 13:58:34 CET 2013

On 21.03.2013 13:06, Christian Heimes wrote:
> Hi,
> the message is slightly off-topic but it might be interesting for pip,
> setuptools and other developers that are working on HTTPS for PyPI.
> I while ago I found C++ example code that shows how to dump CA and CRL
> certs from Windows's system cert store. The system cert store contains
> the certificates used by Windows, IE etc.

Why not simply use the Firefox certs ?

We started adding these to our pyOpenSSL distribution with the last release:

> Yesterday I reimplemented the C++ code with Python and ctypes. I have
> tested it with Python 2.6 to 3.3 (x86 and x86_64) on Windows 7. It
> should work with Windows XP / Windows Server 2003 and all newer versions
> of Windows. The output is usabl by Python's SSL module but you have to
> dump the certs to a file first.

You can setup OpenSSL Contexts to validate based in-memory
certificate as well: just add the certs one by one to the
Context using the X509Store object you can obtain using

> I'm planing to add the feature to Python 3.4, too.
> http://bugs.python.org/issue17134
> You can download the code from
>   https://bitbucket.org/tiran/wincertstore

I think this would be useful addition for pyOpenSSL as well - if
it's possible to extract the Windows certificates without admin

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Mar 21 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
2013-03-13: Released eGenix pyOpenSSL 0.13 ...    http://egenix.com/go39

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Catalog-SIG mailing list