This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes, pervlad, vstinner
Date 2019-01-07.15:27:38
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1546874858.28.0.3226018912.issue35665@roundup.psfhosted.org>
In-reply-to
Content 
The certs are coming from Windows' trust store. Could you please dump the trust store for me and attach the result to the bug tracker. The following script is untested but should work. I don't have access to a Windows machine at the moment.

ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
certs = []
for storename in ("CA", "ROOT"):
    certs.append(storename)
    for cert, encoding, trust in ssl.enum_certificates(storename):
        if encoding == "x509_asn":
            if trust is True or ssl.Purpose.SERVER_AUTH.oid in trust:
                try:
                    ctx.load_verify_locations(cadata=cert)
                except Exception as e:
                    certs.append(str(e))
                certs.append(ssl.DER_cert_to_PEM_cert(cert))

with open('cacerts.pem', 'w') as f:
    f.write('\n'.join(certs))
History
Date User Action Args
2019-01-07 15:27:40christian.heimessetrecipients: + christian.heimes, vstinner, pervlad
2019-01-07 15:27:38christian.heimessetmessageid: <1546874858.28.0.3226018912.issue35665@roundup.psfhosted.org>
2019-01-07 15:27:38christian.heimeslinkissue35665 messages
2019-01-07 15:27:38christian.heimescreate