[Catalog-sig] Access to Windows' cert store

PJ Eby pje at telecommunity.com
Thu Mar 21 16:29:21 CET 2013

On Thu, Mar 21, 2013 at 8:06 AM, Christian Heimes <christian at python.org> wrote:
> Hi,
> the message is slightly off-topic but it might be interesting for pip,
> setuptools and other developers that are working on HTTPS for PyPI.
> I while ago I found C++ example code that shows how to dump CA and CRL
> certs from Windows's system cert store. The system cert store contains
> the certificates used by Windows, IE etc.
> Yesterday I reimplemented the C++ code with Python and ctypes. I have
> tested it with Python 2.6 to 3.3 (x86 and x86_64) on Windows 7. It
> should work with Windows XP / Windows Server 2003 and all newer versions
> of Windows. The output is usabl by Python's SSL module but you have to
> dump the certs to a file first.
> I'm planing to add the feature to Python 3.4, too.
> http://bugs.python.org/issue17134
> You can download the code from
>   https://bitbucket.org/tiran/wincertstore

Very nice!  I definitely would like to use this for setuptools, but I
actually want it for versions 2.3-2.5, which can't use requests or
urllib3 or anything like that.  So I hacked on the code a bit and got
it to work (or at least got the __main__ stub to spit out a bunch of
data) with Python 2.3 and ctypes 1.0.2 (the last standalone release
for which Windows binaries are available).  Would you like a patch?

(Note: absolute_import, decorators, and the actual use of "with:" and
generator expressions had to go, but this doesn't change any API or
semantics as far as I can tell, just a bit of appearance here and
there, and the code still runs with 2.4, 2.5, 2.7, 3.1, and 3.2 that I

More information about the Catalog-SIG mailing list