[Catalog-sig] Access to Windows' cert store

Christian Heimes christian at python.org
Thu Mar 21 14:32:24 CET 2013

Am 21.03.2013 13:58, schrieb M.-A. Lemburg:
> Why not simply use the Firefox certs ?
> We started adding these to our pyOpenSSL distribution with the last release:
> https://cms.egenix.com/products/python/pyOpenSSL/doc/#Module_OpenSSL.ca_bundle

Sure, that's another viable option. But IIRC some people have raised
license concerns.

> You can setup OpenSSL Contexts to validate based in-memory
> certificate as well: just add the certs one by one to the
> Context using the X509Store object you can obtain using
> context.get_cert_store().

I assume you are talking about pyOpenSSL? I was referring to Python's
SSL module. It can only load CA certs from a file or directory. It would
be a useful feature for Python's SSL module, too.

> I think this would be useful addition for pyOpenSSL as well - if
> it's possible to extract the Windows certificates without admin
> rights.

The code works without special privileges. The MSDN references don't
mention any restrictions, too. The code is rather simple -- I'm only
using four functions and three structs.


More information about the Catalog-SIG mailing list