[Catalog-sig] Access to Windows' cert store

M.-A. Lemburg mal at egenix.com
Thu Mar 21 15:01:08 CET 2013


On 21.03.2013 14:32, Christian Heimes wrote:
> On 21.03.2013 13:58, M.-A. Lemburg wrote:
>> Why not simply use the Firefox certs ?
>>
>> We started adding these to our pyOpenSSL distribution with the last release:
>> https://cms.egenix.com/products/python/pyOpenSSL/doc/#Module_OpenSSL.ca_bundle
> 
> Sure, that's another viable option. But IIRC some people have raised
> license concerns.

I think the more problematic aspect is not being able to easily update
the CA list. Firefox and Windows do this automatically for you,
but for Python, this could only be done with patch level releases.

Still, it's better than not having access to any such CA list,
so it would be a good fallback solution.

>> You can set up OpenSSL Contexts to validate based on in-memory
>> certificates as well: just add the certs one by one to the
>> Context using the X509Store object you can obtain using
>> context.get_cert_store().
> 
> I assume you are talking about pyOpenSSL? I was referring to Python's
> SSL module. It can only load CA certs from a file or directory. It would
> be a useful feature for Python's SSL module, too.

Ah, right.

>> I think this would be a useful addition for pyOpenSSL as well - if
>> it's possible to extract the Windows certificates without admin
>> rights.
> 
> The code works without special privileges. The MSDN references don't
> mention any restrictions, either. The code is rather simple -- I'm only
> using four functions and three structs.

Nice.

-- 
Marc-Andre Lemburg
eGenix.com
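
The approach quoted above (adding in-memory certificates one by one to the X509Store returned by context.get_cert_store()), as an added example that is not part of the original message or of any project's code. It assumes a pyOpenSSL release that provides SSL.TLS_METHOD; the helper names and the throwaway certificates are constructed for illustration.

```python
from OpenSSL import SSL, crypto

def make_cert(cn, serial, issuer=None):
    """Build a throwaway cert; self-signed unless issuer=(cert, key) is given."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()  # X.509 v1, no extensions: enough for a constructed test root
    cert.get_subject().CN = cn
    cert.set_serial_number(serial)
    cert.gmtime_adj_notBefore(-3600)
    cert.gmtime_adj_notAfter(24 * 3600)
    cert.set_pubkey(key)
    issuer_cert, issuer_key = issuer or (cert, key)
    cert.set_issuer(issuer_cert.get_subject())
    cert.sign(issuer_key, "sha256")
    return cert, key

def context_trusting(pem_certs):
    """Create a Context whose trust store holds only the given in-memory PEMs."""
    ctx = SSL.Context(SSL.TLS_METHOD)
    ctx.set_verify(SSL.VERIFY_PEER)  # verify the peer's chain during handshakes
    store = ctx.get_cert_store()
    for pem in pem_certs:  # one by one, no file or directory involved
        store.add_cert(crypto.load_certificate(crypto.FILETYPE_PEM, pem))
    return ctx

def chains_to_store(ctx, cert):
    """True if cert verifies against the context's trust store."""
    try:
        crypto.X509StoreContext(ctx.get_cert_store(), cert).verify_certificate()
        return True
    except crypto.X509StoreContextError:
        return False

def demo():
    # Constructed sample data: two unrelated CAs and one leaf issued by each.
    trusted_ca = make_cert("Constructed Trusted CA", 1)
    other_ca = make_cert("Constructed Other CA", 2)
    good_leaf, _ = make_cert("good.example", 3, issuer=trusted_ca)
    bad_leaf, _ = make_cert("bad.example", 4, issuer=other_ca)
    bundle = [crypto.dump_certificate(crypto.FILETYPE_PEM, trusted_ca[0])]
    ctx = context_trusting(bundle)
    return chains_to_store(ctx, good_leaf), chains_to_store(ctx, bad_leaf)

if __name__ == "__main__":
    print(demo())
```

Only the leaf issued by the CA placed in the store verifies; the leaf from the other CA is rejected because its issuer is not in the in-memory trust list.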
