Author christian.heimes
Recipients alex, christian.heimes, demian.brecht, dstufft, giampaolo.rodola, janssen, lac, nagle, pitrou
Date 2015-02-24.16:01:59
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1424793720.13.0.39890797591.issue23476@psf.upfronthosting.co.za>
In-reply-to
Content
John, neither Python nor OpenSSL are shipped with certificates.

Python uses certificates from operating system. We decided against our own certificate store because we wanted to avoid exactly this kind of trouble. If Python can't verify a certificate then you have to update the certificate storage of your OS.

On Linux and BSD Python, curl, wget and most other system tools use the OS's cert store. On Windows Python uses the same store as the IE, Chrome and other apps. Contrary to IE Python doesn't enforce cert store updates.

You can reproduce the problem with curl, too. The first call uses the OS' store, the second overwrite the default store.

$ curl https://www.verisign.com

$ SSL_CERT_DIR=/tmp SSL_CERT_FILE=/tmp curl https://www.verisign.com
History
Date User Action Args
2015-02-24 16:02:00christian.heimessetrecipients: + christian.heimes, janssen, nagle, pitrou, giampaolo.rodola, alex, dstufft, demian.brecht, lac
2015-02-24 16:02:00christian.heimessetmessageid: <1424793720.13.0.39890797591.issue23476@psf.upfronthosting.co.za>
2015-02-24 16:02:00christian.heimeslinkissue23476 messages
2015-02-24 16:01:59christian.heimescreate