# HG changeset patch
# User Steve Dower <steve.dower@microsoft.com>
# Date 1464128917 25200
#      Tue May 24 15:28:37 2016 -0700
# Branch 3.5
# Node ID da632e86f0c85b9462609ca7a1f59e5442c56111
# Parent  3732828f283537575060c5efdabb8465888af86a
Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError

diff --git a/Lib/ssl.py b/Lib/ssl.py
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -145,6 +145,7 @@
 from socket import SOL_SOCKET, SO_TYPE
 import base64        # for DER-to-PEM translation
 import errno
+import warnings
 
 
 socket_error = OSError  # keep that public name in module namespace
@@ -405,11 +406,14 @@
 
     def _load_windows_store_certs(self, storename, purpose):
         certs = bytearray()
-        for cert, encoding, trust in enum_certificates(storename):
-            # CA certs are never PKCS#7 encoded
-            if encoding == "x509_asn":
-                if trust is True or purpose.oid in trust:
-                    certs.extend(cert)
+        try:
+            for cert, encoding, trust in enum_certificates(storename):
+                # CA certs are never PKCS#7 encoded
+                if encoding == "x509_asn":
+                    if trust is True or purpose.oid in trust:
+                        certs.extend(cert)
+        except PermissionError:
+            warnings.warn("unable to enumerate Windows certificate store")
         if certs:
             self.load_verify_locations(cadata=certs)
         return certs
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -126,6 +126,9 @@
 Library
 -------
 
+- Issue #27114: Fix SSLContext._load_windows_store_certs fails with
+  PermissionError
+
 - Issue #27057: Fix os.set_inheritable() on Android, ioctl() is blocked by
   SELinux and fails with EACCESS. The function now falls back to fcntl().
   Patch written by Michał Bednarski.