Message213461
Thanks for you tests!
Yes, I was aware of the situation in general. Personally I think it is an unfortunate decision of Microsoft to download root CA certs on demand. When I developed the feature I only experimented with a fresh but fully patched VM of Windows 7 Professional. The VM had more root CAs installed so I didn't think it's going to bite the majority users for common sites. In retrospective I *might* have trigger cert downloads accidentally...
I also tried to implement a OpenSSL's verify hook but my code was far from ready for 3.4 beta. I'll have to implement a proper solution for Python 3.5. The situation on OSX and Windows isn't perfect.
KB931125 lists a way to trigger a full download of all known root certs. Do you still have a fresh VM around? I won't have time to test the tool from KB931125 before 3.4.0 is released. |
|
Date |
User |
Action |
Args |
2014-03-13 20:33:50 | christian.heimes | set | recipients:
+ christian.heimes, Adam.Goodman |
2014-03-13 20:33:50 | christian.heimes | set | messageid: <1394742830.55.0.981300748565.issue20916@psf.upfronthosting.co.za> |
2014-03-13 20:33:50 | christian.heimes | link | issue20916 messages |
2014-03-13 20:33:50 | christian.heimes | create | |
|