
Author christian.heimes
Recipients Adam.Goodman, christian.heimes
Date 2014-03-13.20:33:50
Message-id <1394742830.55.0.981300748565.issue20916@psf.upfronthosting.co.za>
Content
Thanks for your tests!

Yes, I was aware of the situation in general. Personally I think it is an unfortunate decision of Microsoft to download root CA certs on demand. When I developed the feature I only experimented with a fresh but fully patched VM of Windows 7 Professional. The VM had more root CAs installed so I didn't think it's going to bite the majority of users for common sites. In retrospect I *might* have triggered cert downloads accidentally...

I also tried to implement an OpenSSL verify hook but my code was far from ready for 3.4 beta. I'll have to implement a proper solution for Python 3.5. The situation on OSX and Windows isn't perfect.

KB931125 lists a way to trigger a full download of all known root certs. Do you still have a fresh VM around? I won't have time to test the tool from KB931125 before 3.4.0 is released.
History
Date User Action Args
2014-03-13 20:33:50 christian.heimes set recipients: + christian.heimes, Adam.Goodman
2014-03-13 20:33:50 christian.heimes set messageid: <1394742830.55.0.981300748565.issue20916@psf.upfronthosting.co.za>
2014-03-13 20:33:50 christian.heimes link issue20916 messages
2014-03-13 20:33:50 christian.heimes create