[New-bugs-announce] [issue19292] Make SSLContext.set_default_verify_paths() work on Windows

Guido van Rossum report at bugs.python.org
Sat Oct 19 01:18:54 CEST 2013

New submission from Guido van Rossum:

See discussion on https://groups.google.com/forum/#!topic/python-tulip/c_lqdFjPEbE .

If you set sslcontext.verify_mode = ssl.CERT_REQUIRED and call sslcontext.set_default_verify_paths(), the stdlib ought to have enough smarts to use the system root certificates.

I understand this is difficult, as the location of the root certificates may vary between Windows versions or installations.  But if we leave this up to the app developer they are much more likely to disable certificate verification by setting verify_mode to CERT_NONE than to provide secure root certs (or do even less secure things, like using plain HTTP :-).

messages: 200328
nosy: gvanrossum
priority: normal
severity: normal
stage: needs patch
status: open
title: Make SSLContext.set_default_verify_paths() work on Windows
type: security
versions: Python 3.3, Python 3.4

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list