https://github.com/python/cpython/commit/8c01b3426860acd5252a644e222b1d0d1f4e118f
commit: 8c01b3426860acd5252a644e222b1d0d1f4e118f
branch: 3.13
author: Miss Islington (bot) <[email protected]>
committer: Yhg1s <[email protected]>
date: 2024-09-02T12:53:59+02:00
summary:

[3.13] gh-79846: Make ssl.create_default_context() ignore invalid certificates 
(GH-91740) (#122768)

gh-79846: Make ssl.create_default_context() ignore invalid certificates 
(GH-91740)

An error in one certificate should not cause the whole thing to fail.

(cherry picked from commit 9e551f9b351440ebae79e07a02d0e4a1b61d139e)

Co-authored-by: pukkandan <[email protected]>
Co-authored-by: Serhiy Storchaka <[email protected]>

files:
A Misc/NEWS.d/next/Windows/2022-04-20-18-32-30.gh-issue-79846.Vggv3f.rst
M Lib/ssl.py

diff --git a/Lib/ssl.py b/Lib/ssl.py
index f248e1404baf44..c8703b046cfd4b 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -513,18 +513,17 @@ def set_alpn_protocols(self, alpn_protocols):
         self._set_alpn_protocols(protos)
 
     def _load_windows_store_certs(self, storename, purpose):
-        certs = bytearray()
         try:
             for cert, encoding, trust in enum_certificates(storename):
                 # CA certs are never PKCS#7 encoded
                 if encoding == "x509_asn":
                     if trust is True or purpose.oid in trust:
-                        certs.extend(cert)
+                        try:
+                            self.load_verify_locations(cadata=cert)
+                        except SSLError as exc:
+                            warnings.warn(f"Bad certificate in Windows certificate store: {exc!s}")
         except PermissionError:
             warnings.warn("unable to enumerate Windows certificate store")
-        if certs:
-            self.load_verify_locations(cadata=certs)
-        return certs
 
     def load_default_certs(self, purpose=Purpose.SERVER_AUTH):
         if not isinstance(purpose, _ASN1Object):
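Review bot: The warning emitted in the new `except SSLError` branch does not say which store held the skipped entry, so someone auditing why a CA is missing from the trust set has only the OpenSSL error text to go on. Including the store name would help, e.g. `warnings.warn(f"Bad certificate in Windows certificate store {storename!r}: {exc!s}")`. Because this is a plain `warnings.warn`, a process that turns warnings into errors (`-W error`) will still fail out of `_load_windows_store_certs` on the first bad certificate, since only `PermissionError` is caught around the loop; a short comment saying whether that is intended would avoid surprises. The method also no longer returns the loaded data (`return certs` is removed), so any caller that used the return value now receives `None`; callers are not visible in this hunk.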
diff --git a/Misc/NEWS.d/next/Windows/2022-04-20-18-32-30.gh-issue-79846.Vggv3f.rst b/Misc/NEWS.d/next/Windows/2022-04-20-18-32-30.gh-issue-79846.Vggv3f.rst
new file mode 100644
index 00000000000000..82c26701e0e0bc
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2022-04-20-18-32-30.gh-issue-79846.Vggv3f.rst
@@ -0,0 +1,2 @@
+Makes :code:`ssl.create_default_context()` ignore invalid certificates in
+the Windows certificate store
