Message335084
The introduction of the ReadOnly flag in the ssl.enum_certificates() function implementation has introduced a regression.
The old version returned certificates for both the current user and the local system; the new function only enumerates system-wide certificates and ignores the current user.
The old function, before the patch from https://bugs.python.org/issue25939, used a different function to open the certificate store (CertOpenStore vs. CertOpenSystemStore). Probably some of the param flags are not identical; the new code explicitly lists only local system.
Testing:
1. Import a self-signed CA only into the 'current user' trustworthy certificates.
2. Use IE to connect to a https:// website using that trust root. Works.
3. Try to open the website with old python and new python.
Old one works, new one fails.
Or just enum certificates:
1. Import a self-signed CA into the current_user trusted store.
2. Compare outputs of:
import ssl
len(ssl.enum_certificates('ROOT'))
Date | User | Action | Args
2019-02-08 14:43:31 | schlenk | set | recipients: + schlenk, paul.moore, christian.heimes, tim.golden, zach.ware, steve.dower
2019-02-08 14:43:29 | schlenk | set | messageid: <1549637009.73.0.764067041861.issue35941@roundup.psfhosted.org>
2019-02-08 14:43:29 | schlenk | link | issue35941 messages
2019-02-08 14:43:29 | schlenk | create |
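Added example, not part of the original message or of CPython: rather than comparing only len(), fingerprint every entry that ssl.enum_certificates() returns so the output of the old and the new interpreter can be diffed and the missing current-user CA identified. The helper names and the SAMPLE_* tuples are constructed for illustration; ssl.enum_certificates() exists only on Windows, so the live call is guarded.

```python
import hashlib
import sys

def fingerprint(der_bytes):
    """SHA-256 fingerprint of one encoded certificate blob."""
    return hashlib.sha256(der_bytes).hexdigest()

def store_fingerprints(entries):
    """Collapse enum_certificates()-style (bytes, encoding, trust) tuples to a set."""
    return {fingerprint(blob) for blob, _encoding, _trust in entries}

def missing_in_new(old_entries, new_entries):
    """Fingerprints the old interpreter listed that the new one no longer does."""
    return sorted(store_fingerprints(old_entries) - store_fingerprints(new_entries))

def live_entries(store_name="ROOT"):
    """Entries from the running interpreter; ssl.enum_certificates is Windows-only."""
    if sys.platform != "win32":
        return []
    import ssl
    return ssl.enum_certificates(store_name)

# Constructed stand-ins for the two interpreters' output (not real certificates).
SAMPLE_OLD = [(b"constructed-machine-root", "x509_asn", True),
              (b"constructed-current-user-ca", "x509_asn", True)]
SAMPLE_NEW = [(b"constructed-machine-root", "x509_asn", True)]

if __name__ == "__main__":
    # Run under each interpreter and diff the printed lines; off Windows, show the sample.
    if sys.platform == "win32":
        for fp in sorted(store_fingerprints(live_entries())):
            print(fp)
    else:
        print(missing_in_new(SAMPLE_OLD, SAMPLE_NEW))
```

On Windows, run the script once with each Python version and diff the two outputs; any fingerprint present only in the old run is a certificate the new enumeration no longer sees.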