[Catalog-sig] Access to Windows' cert store
PJ Eby
pje at telecommunity.com
Thu Mar 21 16:29:21 CET 2013
On Thu, Mar 21, 2013 at 8:06 AM, Christian Heimes <christian at python.org> wrote:
> Hi,
>
> the message is slightly off-topic but it might be interesting for pip,
> setuptools and other developers that are working on HTTPS for PyPI.
>
> I while ago I found C++ example code that shows how to dump CA and CRL
> certs from Windows's system cert store. The system cert store contains
> the certificates used by Windows, IE etc.
>
> Yesterday I reimplemented the C++ code with Python and ctypes. I have
> tested it with Python 2.6 to 3.3 (x86 and x86_64) on Windows 7. It
> should work with Windows XP / Windows Server 2003 and all newer versions
> of Windows. The output is usabl by Python's SSL module but you have to
> dump the certs to a file first.
>
> I'm planing to add the feature to Python 3.4, too.
> http://bugs.python.org/issue17134
>
> You can download the code from
>
> https://bitbucket.org/tiran/wincertstore
>
Very nice! I definitely would like to use this for setuptools, but I
actually want it for versions 2.3-2.5, which can't use requests or
urllib3 or anything like that. So I hacked on the code a bit and got
it to work (or at least got the __main__ stub to spit out a bunch of
data) with Python 2.3 and ctypes 1.0.2 (the last standalone release
for which Windows binaries are available). Would you like a patch?
(Note: absolute_import, decorators, and the actual use of "with:" and
generator expressions had to go, but this doesn't change any API or
semantics as far as I can tell, just a bit of appearance here and
there, and the code still runs with 2.4, 2.5, 2.7, 3.1, and 3.2 that I
tried.)
More information about the Catalog-SIG
mailing list