Message333168
The certs are coming from Windows' trust store. Could you please dump the trust store for me and attach the result to the bug tracker. The following script is untested but should work. I don't have access to a Windows machine at the moment.
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
certs = []
for storename in ("CA", "ROOT"):
certs.append(storename)
for cert, encoding, trust in ssl.enum_certificates(storename):
if encoding == "x509_asn":
if trust is True or ssl.Purpose.SERVER_AUTH.oid in trust:
try:
ctx.load_verify_locations(cadata=cert)
except Exception as e:
certs.append(str(e))
certs.append(ssl.DER_cert_to_PEM_cert(cert))
with open('cacerts.pem', 'w') as f:
f.write('\n'.join(certs)) |
|
Date |
User |
Action |
Args |
2019-01-07 15:27:40 | christian.heimes | set | recipients:
+ christian.heimes, vstinner, pervlad |
2019-01-07 15:27:38 | christian.heimes | set | messageid: <1546874858.28.0.3226018912.issue35665@roundup.psfhosted.org> |
2019-01-07 15:27:38 | christian.heimes | link | issue35665 messages |
2019-01-07 15:27:38 | christian.heimes | create | |
|