On Mar 21, 2013, at 9:32 AM, Christian Heimes <christ...@python.org> wrote:
> Am 21.03.2013 13:58, schrieb M.-A. Lemburg: >> Why not simply use the Firefox certs ? >> >> We started adding these to our pyOpenSSL distribution with the last release: >> https://cms.egenix.com/products/python/pyOpenSSL/doc/#Module_OpenSSL.ca_bundle > > Sure, that's another viable option. But IIRC some people have raised > license concerns. Firefox bundle is releases under the MPL which only applies to the individual files and not the entire project. > >> You can setup OpenSSL Contexts to validate based in-memory >> certificate as well: just add the certs one by one to the >> Context using the X509Store object you can obtain using >> context.get_cert_store(). > > I assume you are talking about pyOpenSSL? I was referring to Python's > SSL module. It can only load CA certs from a file or directory. It would > be a useful feature for Python's SSL module, too. > >> I think this would be useful addition for pyOpenSSL as well - if >> it's possible to extract the Windows certificates without admin >> rights. > > The code works without special privileges. The MSDN references don't > mention any restrictions, too. The code is rather simple -- I'm only > using four functions and three structs. I would love to see this added to Python Core. As it is right now if OpenSSL is configured correctly you can do `urllib.request.urlopen("…", cadefault=True)` and things will just work. This breaks down on Windows though. > > Christian > _______________________________________________ > Catalog-SIG mailing list > Catalog-SIG@python.org > http://mail.python.org/mailman/listinfo/catalog-sig ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig