[issue35941] ssl.enum_certificates() regression

Michael Schlenker report at bugs.python.org
Fri Feb 8 09:43:30 EST 2019


New submission from Michael Schlenker <msc at contact.de>:

The introduction of the ReadOnly flag in the ssl.enum_certificates() function implementation has introduced a regression.

The old version returned certificates for both the current user and the local system, the new function only enumerates system wide certificates and ignores the current user.

The old function before Patch from https://bugs.python.org/issue25939 used a different function to open the certificate store (CertOpenStore vs. CertOpenSystemStore). Probably some of the param flags are not identical, the new code explicitly lists only local system.

Testing:
1. Import a self signed CA only into the 'current user' trustworthy certificates.
2. Use IE to Connect to a https:// website using that trust root. Works.
3. Try to open the website with old python and new python. 
Old one works, new one fails.

Or just enum certificates:

1. Import a self signed CA into the current_user trusted store.
2. Compare outputs of:
import ssl
len(ssl.enum_certificates('ROOT'))

----------
assignee: christian.heimes
components: SSL, Windows
messages: 335084
nosy: christian.heimes, paul.moore, schlenk, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: ssl.enum_certificates() regression
type: behavior
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35941>
_______________________________________
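
An added example, not part of the original report or of CPython: a script for the "compare outputs" step that records SHA-256 fingerprints of ssl.enum_certificates('ROOT') under each interpreter and lists the certificates the newer one no longer returns. The function names, the JSON snapshot layout, the script name certsnap.py and the sample entries are assumptions made for this example.

```python
import hashlib
import json
import ssl
import sys


def fingerprints(entries):
    """Map SHA-256 fingerprint -> encoding type for enum_certificates()-style
    (cert_bytes, encoding_type, trust) tuples."""
    return {hashlib.sha256(der).hexdigest(): enc for der, enc, _trust in entries}


def snapshot(store="ROOT"):
    """Fingerprint every certificate the running interpreter sees in `store`."""
    if not hasattr(ssl, "enum_certificates"):
        raise RuntimeError("ssl.enum_certificates() exists only on Windows")
    return fingerprints(ssl.enum_certificates(store))


def missing(old, new):
    """Fingerprints present in the old snapshot but absent from the new one."""
    return sorted(set(old) - set(new))


# Constructed sample data (not real certificates): the first entry stands in
# for a CA imported only into the current user's store.
SAMPLE_OLD = [(b"user-only-ca", "x509_asn", True),
              (b"machine-ca", "x509_asn", True)]
SAMPLE_NEW = [(b"machine-ca", "x509_asn", True)]

if __name__ == "__main__":
    # python certsnap.py dump out.json          (run once per interpreter)
    # python certsnap.py diff old.json new.json (exit status 1 if any are lost)
    if len(sys.argv) == 4 and sys.argv[1] == "diff":
        with open(sys.argv[2]) as f_old, open(sys.argv[3]) as f_new:
            lost = missing(json.load(f_old), json.load(f_new))
        print("\n".join(lost) or "no certificates missing")
        sys.exit(1 if lost else 0)
    elif len(sys.argv) == 3 and sys.argv[1] == "dump":
        with open(sys.argv[2], "w") as out:
            json.dump(snapshot(), out, indent=1, sort_keys=True)
    else:
        sys.exit("usage: certsnap.py dump OUT | diff OLD NEW")
```

Comparing fingerprints rather than only len() identifies which certificate dropped out, so a CA imported only for the current user can be matched against its thumbprint in the Windows certificate manager.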

