Author schlenk
Recipients christian.heimes, paul.moore, schlenk, steve.dower, tim.golden, zach.ware
Date 2019-02-08.14:43:29
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The introduction of the ReadOnly flag in the ssl.enum_certificates() function implementation has introduced a regression.

The old version returned certificates for both the current user and the local system, the new function only enumerates system wide certificates and ignores the current user.

The old function before Patch from used a different function to open the certificate store (CertOpenStore vs. CertOpenSystemStore). Probably some of the param flags are not identical, the new code explictly lists only local system.

1. Import a self signed CA only into the 'current user' trustworthy certificates.
2. Use IE to Connect to a https:// website using that trust root. Works.
3. Try to open the website with old python and new python. 
Old one works, new one fails.

Or just enum certificates:

1. Import a self signed CA into the current_user trusted store.
2. Compare outputs of:
import ssl
Date User Action Args
2019-02-08 14:43:31schlenksetrecipients: + schlenk, paul.moore, christian.heimes, tim.golden, zach.ware, steve.dower
2019-02-08 14:43:29schlenksetmessageid: <>
2019-02-08 14:43:29schlenklinkissue35941 messages
2019-02-08 14:43:29schlenkcreate