diff -r 6b189f29b1e6 Lib/ssl.py
--- a/Lib/ssl.py Wed Jun 05 18:37:50 2013 -0400
+++ b/Lib/ssl.py Sat Jun 08 19:44:43 2013 +0200
@@ -89,6 +89,7 @@
import textwrap
import re
+import sys
import _ssl # if we can't import it, let the error propagate
@@ -137,6 +138,9 @@
_PROTOCOL_NAMES[PROTOCOL_TLSv1_1] = "TLSv1.1"
_PROTOCOL_NAMES[PROTOCOL_TLSv1_2] = "TLSv1.2"
+if sys.platform == "win32":
+ from _ssl import enum_cert_store, X509_ASN_ENCODING, PKCS_7_ASN_ENCODING
+
from socket import getnameinfo as _getnameinfo
from socket import socket, AF_INET, SOCK_STREAM, create_connection
import base64 # for DER-to-PEM translation
diff -r 6b189f29b1e6 Lib/test/test_ssl.py
--- a/Lib/test/test_ssl.py Wed Jun 05 18:37:50 2013 -0400
+++ b/Lib/test/test_ssl.py Sat Jun 08 19:44:43 2013 +0200
@@ -394,6 +394,29 @@
support.gc_collect()
self.assertIn(r, str(cm.warning.args[0]))
+ @unittest.skipUnless(sys.platform == "win32", "Windows specific")
+ def test_enum_cert_store(self):
+ self.assertEqual(ssl.X509_ASN_ENCODING, 1)
+ self.assertEqual(ssl.PKCS_7_ASN_ENCODING, 0x00010000)
+
+ self.assertEqual(ssl.enum_cert_store("CA"),
+ ssl.enum_cert_store("CA", "certificate"))
+ ssl.enum_cert_store("CA", "crl")
+ self.assertEqual(ssl.enum_cert_store("ROOT"),
+ ssl.enum_cert_store("ROOT", "certificate"))
+ ssl.enum_cert_store("ROOT", "crl")
+
+ self.assertRaises(TypeError, ssl.enum_cert_store)
+ self.assertRaises(WindowsError, ssl.enum_cert_store, "")
+ self.assertRaises(ValueError, ssl.enum_cert_store, "CA", "wrong")
+
+ ca = ssl.enum_cert_store("CA")
+ self.assertIsInstance(ca, list)
+ self.assertIsInstance(ca[0], tuple)
+ self.assertEqual(len(ca[0]), 2)
+ self.assertIsInstance(ca[0][0], bytes)
+ self.assertIsInstance(ca[0][1], int)
+
class ContextTests(unittest.TestCase):
@skip_if_broken_ubuntu_ssl
diff -r 6b189f29b1e6 Modules/_ssl.c
--- a/Modules/_ssl.c Wed Jun 05 18:37:50 2013 -0400
+++ b/Modules/_ssl.c Sat Jun 08 19:44:43 2013 +0200
@@ -2761,7 +2761,129 @@
#endif
-
+#ifdef _MSC_VER
+PyDoc_STRVAR(PySSL_enum_cert_store_doc,
+"enum_cert_store(store_name, cert_type='certificate') -> []\n\
+\n\
+Retrieve certificates from Windows' cert store. store_name may be one of\n\
+'CA', 'ROOT' or 'MY'. The system may provide more cert storages, too.\n\
+cert_type must be either 'certificate' or 'crl'.\n\
+The function returns a list of (bytes, encoding_type) tuples. The\n\
+encoding_type flag can be interpreted with X509_ASN_ENCODING or\n\
+PKCS_7_ASN_ENCODING.");
+
+static PyObject *
+PySSL_enum_cert_store(PyObject *self, PyObject *args, PyObject *kwds)
+{
+ char *kwlist[] = {"store_name", "cert_type", NULL};
+ char *store_name;
+ char *cert_type = "certificate";
+ HCERTSTORE hStore = NULL;
+ PyObject *result = NULL;
+ PyObject *tup = NULL, *cert = NULL, *enc = NULL;
+ int ok = 1;
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|s:enum_cert_store",
+ kwlist, &store_name, &cert_type)) {
+ return NULL;
+ }
+
+ if ((strcmp(cert_type, "certificate") != 0) &&
+ (strcmp(cert_type, "crl") != 0)) {
+ return PyErr_Format(PyExc_ValueError,
+ "cert_type must be 'certificate' or 'crl', "
+ "not %.100s", cert_type);
+ }
+
+ if ((result = PyList_New(0)) == NULL) {
+ return NULL;
+ }
+
+ if ((hStore = CertOpenSystemStore(NULL, store_name)) == NULL) {
+ Py_DECREF(result);
+ return PyErr_SetFromWindowsErr(GetLastError());
+ }
+
+ if (strcmp(cert_type, "certificate") == 0) {
+ PCCERT_CONTEXT pCertCtx = NULL;
+ while (pCertCtx = CertEnumCertificatesInStore(hStore, pCertCtx)) {
+ cert = PyBytes_FromStringAndSize((const char*)pCertCtx->pbCertEncoded,
+ pCertCtx->cbCertEncoded);
+ if (!cert) {
+ ok = 0;
+ break;
+ }
+ if ((enc = PyLong_FromLong(pCertCtx->dwCertEncodingType)) == NULL) {
+ ok = 0;
+ break;
+ }
+ if ((tup = PyTuple_New(2)) == NULL) {
+ ok = 0;
+ break;
+ }
+ PyTuple_SET_ITEM(tup, 0, cert); cert = NULL;
+ PyTuple_SET_ITEM(tup, 1, enc); enc = NULL;
+
+ if (PyList_Append(result, tup) < 0) {
+ ok = 0;
+ break;
+ }
+ Py_CLEAR(tup);
+ }
+ if (pCertCtx) {
+ /* loop ended with an error, need to clean up context manually */
+ CertFreeCertificateContext(pCertCtx);
+ }
+ } else {
+ PCCRL_CONTEXT pCrlCtx = NULL;
+ while (pCrlCtx = CertEnumCRLsInStore(hStore, pCrlCtx)) {
+ cert = PyBytes_FromStringAndSize((const char*)pCrlCtx->pbCrlEncoded,
+ pCrlCtx->cbCrlEncoded);
+ if (!cert) {
+ ok = 0;
+ break;
+ }
+ if ((enc = PyLong_FromLong(pCrlCtx->dwCertEncodingType)) == NULL) {
+ ok = 0;
+ break;
+ }
+ if ((tup = PyTuple_New(2)) == NULL) {
+ ok = 0;
+ break;
+ }
+ PyTuple_SET_ITEM(tup, 0, cert); cert = NULL;
+ PyTuple_SET_ITEM(tup, 1, enc); enc = NULL;
+
+ if (PyList_Append(result, tup) < 0) {
+ ok = 0;
+ break;
+ }
+ Py_CLEAR(tup);
+ }
+ if (pCrlCtx) {
+ /* loop ended with an error, need to clean up context manually */
+ CertFreeCRLContext(pCrlCtx);
+ }
+ }
+
+ /* In error cases cert, enc and tup may not be NULL */
+ Py_XDECREF(cert);
+ Py_XDECREF(enc);
+ Py_XDECREF(tup);
+
+ if (!CertCloseStore(hStore, 0)) {
+ /* This error case might shadow another exception.*/
+ Py_DECREF(result);
+ return PyErr_SetFromWindowsErr(GetLastError());
+ }
+ if (ok) {
+ return result;
+ } else {
+ Py_DECREF(result);
+ return NULL;
+ }
+}
+#endif
/* List of functions exported by this module. */
@@ -2780,6 +2902,10 @@
{"RAND_status", (PyCFunction)PySSL_RAND_status, METH_NOARGS,
PySSL_RAND_status_doc},
#endif
+#ifdef _MSC_VER
+ {"enum_cert_store", (PyCFunction)PySSL_enum_cert_store,
+ METH_VARARGS | METH_KEYWORDS, PySSL_enum_cert_store_doc},
+#endif
{NULL, NULL} /* Sentinel */
};
@@ -2992,6 +3118,12 @@
PyModule_AddIntConstant(m, "CERT_REQUIRED",
PY_SSL_CERT_REQUIRED);
+#ifdef _MSC_VER
+ /* Windows dwCertEncodingType */
+ PyModule_AddIntMacro(m, X509_ASN_ENCODING);
+ PyModule_AddIntMacro(m, PKCS_7_ASN_ENCODING);
+#endif
+
/* Alert Descriptions from ssl.h */
/* note RESERVED constants no longer intended for use have been removed */
/* http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 */
diff -r 6b189f29b1e6 PCbuild/_ssl.vcxproj
--- a/PCbuild/_ssl.vcxproj Wed Jun 05 18:37:50 2013 -0400
+++ b/PCbuild/_ssl.vcxproj Sat Jun 08 19:44:43 2013 +0200
@@ -158,7 +158,7 @@
- ws2_32.lib;$(opensslDir)\out32\libeay32.lib;$(opensslDir)\out32\ssleay32.lib;%(AdditionalDependencies)
+ ws2_32.lib;crypt32.lib;$(opensslDir)\out32\libeay32.lib;$(opensslDir)\out32\ssleay32.lib;%(AdditionalDependencies)
@@ -173,7 +173,7 @@
- ws2_32.lib;$(opensslDir)\out64\libeay32.lib;$(opensslDir)\out64\ssleay32.lib;%(AdditionalDependencies)
+ ws2_32.lib;crypt32.lib;$(opensslDir)\out64\libeay32.lib;$(opensslDir)\out64\ssleay32.lib;%(AdditionalDependencies)
@@ -185,7 +185,7 @@
- ws2_32.lib;$(opensslDir)\out32\libeay32.lib;$(opensslDir)\out32\ssleay32.lib;%(AdditionalDependencies)
+ ws2_32.lib;crypt32.lib;$(opensslDir)\out32\libeay32.lib;$(opensslDir)\out32\ssleay32.lib;%(AdditionalDependencies)
@@ -200,7 +200,7 @@
- ws2_32.lib;$(opensslDir)\out64\libeay32.lib;$(opensslDir)\out64\ssleay32.lib;%(AdditionalDependencies)
+ ws2_32.lib;crypt32.lib;$(opensslDir)\out64\libeay32.lib;$(opensslDir)\out64\ssleay32.lib;%(AdditionalDependencies)
@@ -212,7 +212,7 @@
- ws2_32.lib;$(opensslDir)\out32\libeay32.lib;$(opensslDir)\out32\ssleay32.lib;%(AdditionalDependencies)
+ ws2_32.lib;crypt32.lib;$(opensslDir)\out32\libeay32.lib;$(opensslDir)\out32\ssleay32.lib;%(AdditionalDependencies)
@@ -227,7 +227,7 @@
- ws2_32.lib;$(opensslDir)\out64\libeay32.lib;$(opensslDir)\out64\ssleay32.lib;%(AdditionalDependencies)
+ ws2_32.lib;crypt32.lib;$(opensslDir)\out64\libeay32.lib;$(opensslDir)\out64\ssleay32.lib;%(AdditionalDependencies)
MachineX64
@@ -240,7 +240,7 @@
- ws2_32.lib;$(opensslDir)\out32\libeay32.lib;$(opensslDir)\out32\ssleay32.lib;%(AdditionalDependencies)
+ ws2_32.lib;crypt32.lib;$(opensslDir)\out32\libeay32.lib;$(opensslDir)\out32\ssleay32.lib;%(AdditionalDependencies)
@@ -255,7 +255,7 @@
- ws2_32.lib;$(opensslDir)\out64\libeay32.lib;$(opensslDir)\out64\ssleay32.lib;%(AdditionalDependencies)
+ ws2_32.lib;crypt32.lib;$(opensslDir)\out64\libeay32.lib;$(opensslDir)\out64\ssleay32.lib;%(AdditionalDependencies)
MachineX64