[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows
Christian Heimes
report at bugs.python.org
Thu Mar 13 21:33:50 CET 2014
Christian Heimes added the comment:
Thanks for you tests!
Yes, I was aware of the situation in general. Personally I think it is an unfortunate decision of Microsoft to download root CA certs on demand. When I developed the feature I only experimented with a fresh but fully patched VM of Windows 7 Professional. The VM had more root CAs installed so I didn't think it's going to bite the majority users for common sites. In retrospective I *might* have trigger cert downloads accidentally...
I also tried to implement a OpenSSL's verify hook but my code was far from ready for 3.4 beta. I'll have to implement a proper solution for Python 3.5. The situation on OSX and Windows isn't perfect.
KB931125 lists a way to trigger a full download of all known root certs. Do you still have a fresh VM around? I won't have time to test the tool from KB931125 before 3.4.0 is released.
----------
assignee: -> christian.heimes
stage: -> needs patch
versions: +Python 3.5 -Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20916>
_______________________________________
More information about the Python-bugs-list
mailing list