ssl.py _load_windows_store_certs fails if windows cert store is empty #70501
Comments
|
In ssl.py: def _load_windows_store_certs(self, storename, purpose):
certs = bytearray()
for cert, encoding, trust in enum_certificates(storename):
# CA certs are never PKCS#7 encoded
if encoding == "x509_asn":
if trust is True or purpose.oid in trust:
certs.extend(cert)
self.load_verify_locations(cadata=certs)
return certsThe line right before the return statement will raise an exception if certs is empty. It should be protected with "if certs:" as it is elsewhere in this file. |
|
The same issue is reported at ytdl-org/youtube-dl#8132, too. Empty Windows cert store is uncommon. The only case I found so far is on Wine. Steps to reproduce: 1. On Arch Linux x86_64, install mingw-w64-python2-bin from AUR
2. Run the following command:
$ WINEDEBUG=fixme-all PYTHONPATH=/usr/x86_64-w64-mingw32/lib/python27 wine /usr/x86_64-w64-mingw32/bin/python2.exe -c 'import ssl; ssl.create_default_context()'
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "Z:\usr\x86_64-w64-mingw32\lib\python27\ssl.py", line 440, in create_default_context
context.load_default_certs(purpose)
File "Z:\usr\x86_64-w64-mingw32\lib\python27\ssl.py", line 391, in load_default_certs
self._load_windows_store_certs(storename, purpose)
File "Z:\usr\x86_64-w64-mingw32\lib\python27\ssl.py", line 383, in _load_windows_store_certs
self.load_verify_locations(cadata=certs)
ValueError: Empty certificate data |
|
Protected the certs with if statement |
|
New changeset 8df52636b0dc by Steve Dower in branch '2.7': |
|
New changeset eb2c2671e7d6 by Steve Dower in branch '3.5': New changeset 97cd199944c3 by Steve Dower in branch 'default': |
|
Thanks! Fixed for 3.6, 3.5 and 2.7. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: