Message236509
John, neither Python nor OpenSSL are shipped with certificates.
Python uses certificates from operating system. We decided against our own certificate store because we wanted to avoid exactly this kind of trouble. If Python can't verify a certificate then you have to update the certificate storage of your OS.
On Linux and BSD Python, curl, wget and most other system tools use the OS's cert store. On Windows Python uses the same store as the IE, Chrome and other apps. Contrary to IE Python doesn't enforce cert store updates.
You can reproduce the problem with curl, too. The first call uses the OS' store, the second overwrite the default store.
$ curl https://www.verisign.com
$ SSL_CERT_DIR=/tmp SSL_CERT_FILE=/tmp curl https://www.verisign.com |
|
Date |
User |
Action |
Args |
2015-02-24 16:02:00 | christian.heimes | set | recipients:
+ christian.heimes, janssen, nagle, pitrou, giampaolo.rodola, alex, dstufft, demian.brecht, lac |
2015-02-24 16:02:00 | christian.heimes | set | messageid: <1424793720.13.0.39890797591.issue23476@psf.upfronthosting.co.za> |
2015-02-24 16:02:00 | christian.heimes | link | issue23476 messages |
2015-02-24 16:01:59 | christian.heimes | create | |
|