[issue35665] Function ssl.create_default_context raises exception on Windows 10 when called with ssl.Purpose.SERVER_AUTH) attribute

Christian Heimes report at bugs.python.org
Mon Jan 7 10:27:38 EST 2019


Christian Heimes <lists at cheimes.de> added the comment:

The certs are coming from Windows' trust store. Could you please dump the trust store for me and attach the result to the bug tracker? The following script is untested but should work. I don't have access to a Windows machine at the moment.

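import ssl

# Windows-only: ssl.enum_certificates() reads the system certificate stores.
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
certs = []
for storename in ("CA", "ROOT"):
    # Record the store name so each section of the dump can be identified.
    certs.append(storename)
    for cert, encoding, trust in ssl.enum_certificates(storename):
        # Only DER-encoded X.509 certificates can be passed as cadata.
        if encoding == "x509_asn":
            # trust is True when the cert is trusted for all purposes,
            # otherwise it is a set of purpose OIDs.
            if trust is True or ssl.Purpose.SERVER_AUTH.oid in trust:
                try:
                    ctx.load_verify_locations(cadata=cert)
                except Exception as e:
                    # Record the load error just before the offending cert.
                    certs.append(str(e))
                certs.append(ssl.DER_cert_to_PEM_cert(cert))

# Write store names, load errors and PEM certificates to one file.
with open('cacerts.pem', 'w') as f:
    f.write('\n'.join(certs))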

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35665>
_______________________________________

