Christian Heimes <[email protected]> added the comment:
The certs are coming from Windows' trust store. Could you please dump the trust
store for me and attach the result to the bug tracker. The following script is
untested but should work. I don't have access to a Windows machine at the
moment.
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
certs = []
for storename in ("CA", "ROOT"):
certs.append(storename)
for cert, encoding, trust in ssl.enum_certificates(storename):
if encoding == "x509_asn":
if trust is True or ssl.Purpose.SERVER_AUTH.oid in trust:
try:
ctx.load_verify_locations(cadata=cert)
except Exception as e:
certs.append(str(e))
certs.append(ssl.DER_cert_to_PEM_cert(cert))
with open('cacerts.pem', 'w') as f:
f.write('\n'.join(certs))
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue35665>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
