On 21.03.2013 14:32, Christian Heimes wrote: > Am 21.03.2013 13:58, schrieb M.-A. Lemburg: >> Why not simply use the Firefox certs ? >> >> We started adding these to our pyOpenSSL distribution with the last release: >> https://cms.egenix.com/products/python/pyOpenSSL/doc/#Module_OpenSSL.ca_bundle > > Sure, that's another viable option. But IIRC some people have raised > license concerns.
I think the more problematic aspect is not being able to easily update the CA list. Firefox and Windows do this automatically for you, but for Python, this could only be done with patch level releases. Still, it's better than not having access to any such CA list, so would be a good fallback solution. >> You can setup OpenSSL Contexts to validate based in-memory >> certificate as well: just add the certs one by one to the >> Context using the X509Store object you can obtain using >> context.get_cert_store(). > > I assume you are talking about pyOpenSSL? I was referring to Python's > SSL module. It can only load CA certs from a file or directory. It would > be a useful feature for Python's SSL module, too. Ah, right. >> I think this would be useful addition for pyOpenSSL as well - if >> it's possible to extract the Windows certificates without admin >> rights. > > The code works without special privileges. The MSDN references don't > mention any restrictions, too. The code is rather simple -- I'm only > using four functions and three structs. Nice. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Mar 21 2013) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2013-03-13: Released eGenix pyOpenSSL 0.13 ... http://egenix.com/go39 ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig