[issue35941] ssl.enum_certificates() regression

Change by Christian Heimes : -- resolution: -> fixed stage: backport needed -> resolved status: open -> closed ___ Python tracker ___

[issue35941] ssl.enum_certificates() regression

Steve Dower added the comment: That's 3.7 and later dealt with. Apparently this needs a backport to 2.7 still, so I'll leave the bug open. -- stage: patch review -> backport needed versions: -Python 3.7, Python 3.8 ___ Python tracker

[issue35941] ssl.enum_certificates() regression

Steve Dower added the comment: New changeset fdd17abc51e363ab19d248375d717512b8b26966 by Steve Dower in branch '3.8': bpo-35941: Fix performance regression in SSL certificate code (GH-12610) https://github.com/python/cpython/commit/fdd17abc51e363ab19d248375d717512b8b26966 --

[issue35941] ssl.enum_certificates() regression

Steve Dower added the comment: New changeset b4fb2c29f34c322855ab6be72b491930cf508f64 by Steve Dower in branch '3.7': bpo-35941: Fix performance regression in SSL certificate code (GH-12610) https://github.com/python/cpython/commit/b4fb2c29f34c322855ab6be72b491930cf508f64 --

[issue35941] ssl.enum_certificates() regression

Change by Steve Dower : -- pull_requests: +15455 pull_request: https://github.com/python/cpython/pull/15804 ___ Python tracker ___

[issue35941] ssl.enum_certificates() regression

Change by Steve Dower : -- pull_requests: +15454 pull_request: https://github.com/python/cpython/pull/15803 ___ Python tracker ___

[issue35941] ssl.enum_certificates() regression

Steve Dower added the comment: New changeset 915cd3f0696cb8a7206754a8fc34d4cd865a1b4a by Steve Dower (Christian Heimes) in branch 'master': bpo-35941: Fix performance regression in new code (GH-12610) https://github.com/python/cpython/commit/915cd3f0696cb8a7206754a8fc34d4cd865a1b4a

[issue35941] ssl.enum_certificates() regression

neonene added the comment: I meant 12609. (x86,x64 Py374rc1,Py380a4 and later) And though I tried merging 12610 and Py374, memory usage still increases. Sorry, I can't find out the cause. -- ___ Python tracker

[issue35941] ssl.enum_certificates() regression

Christian Heimes added the comment: Which patch do you mean? Are you referring to the landed PR or my fix for performance regression https://github.com/python/cpython/pull/12610? -- ___ Python tracker

[issue35941] ssl.enum_certificates() regression

neonene added the comment: After this patch applied, memory usage increases every https-access and is not released in my Win7x64SP1. I hope this will be fixed or reverted. (case sample) from urllib import request from time import sleep import gc while True:

[issue35941] ssl.enum_certificates() regression

miss-islington added the comment: New changeset e9868c5416731f5ca5378a1d36e4b020c349291c by Miss Islington (bot) in branch '3.7': bpo-35941: Fix ssl certificate enumeration for windows (GH-12486) https://github.com/python/cpython/commit/e9868c5416731f5ca5378a1d36e4b020c349291c --

[issue35941] ssl.enum_certificates() regression

Change by Christian Heimes : -- pull_requests: +12549 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue35941] ssl.enum_certificates() regression

Christian Heimes added the comment: By the way, OpenSSL ignores duplicate certificates. There is no need to filter out duplicate entries. However it is more efficient to filter them out early, because OpenSSL filters after parsing the ASN.1 structure. --

[issue35941] ssl.enum_certificates() regression

Christian Heimes added the comment: Steve, why did you add the list_contains() check? Does the new code return one certificate multiple times? I'm worried that the performance of check is rather slow. IMHO it would be more efficient to use a set here. --

[issue35941] ssl.enum_certificates() regression

Change by miss-islington : -- pull_requests: +12548 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue35941] ssl.enum_certificates() regression

Steve Dower added the comment: New changeset d93fbbf88e4abdd24a0a55e3ddf85b8420c62052 by Steve Dower (kctherookie) in branch 'master': bpo-35941: Fix ssl certificate enumeration for windows (GH-12486) https://github.com/python/cpython/commit/d93fbbf88e4abdd24a0a55e3ddf85b8420c62052

[issue35941] ssl.enum_certificates() regression

Nikolaos Rangos added the comment: Hello Steve, I reopened the PR from my code base. I will wait for this PR to be processed and afterwards continue with submitting patches. -- ___ Python tracker

[issue35941] ssl.enum_certificates() regression

Change by Nikolaos Rangos : -- pull_requests: +12439 stage: needs patch -> patch review ___ Python tracker ___ ___ Python-bugs-list

[issue35941] ssl.enum_certificates() regression

Steve Dower added the comment: I don't know about your other PRs, and I don't deny they may have been neglected for some time, but you only allowed 12 hours on this one between receiving a review and closing it. Our team of volunteers have limited time (typically 0-8 hours/week) to work on

[issue35941] ssl.enum_certificates() regression

nr added the comment: To be honest, I think the patch is worth to be merged including other patches I submitted. Yet I believed it was better to close the pull request because I put quite some time into researching and programming the solutions but nobody really cared so I stopped. All I

[issue35941] ssl.enum_certificates() regression

Christian Herdtweck added the comment: Hi, I encountered this problem as well. May I know why you have withdrawn your pull request? -- nosy: +christian-intra2net ___ Python tracker

[issue35941] ssl.enum_certificates() regression

Change by Steve Dower : -- assignee: steve.dower -> stage: patch review -> needs patch ___ Python tracker ___ ___ Python-bugs-list

[issue35941] ssl.enum_certificates() regression

nr added the comment: Adjusted the code to conform with PEP 7. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue35941] ssl.enum_certificates() regression

Steve Dower added the comment: The PR requires PEP 7 to be applied thoroughly, but I think the concept is sound enough. -- nosy: +nr ___ Python tracker ___

[issue35941] ssl.enum_certificates() regression

Change by nr : -- keywords: +patch pull_requests: +11948 stage: -> patch review ___ Python tracker ___ ___ Python-bugs-list

[issue35941] ssl.enum_certificates() regression

Michael Schlenker added the comment: It probably is even worse. The flag seems to specifiy the physical locations, and just using CERT_SYSTEM_STORE_LOCAL_SYSTEM probably misses the certificates distributed by Group Policy or AD too, in addition to the stores for the current user. See

[issue35941] ssl.enum_certificates() regression

Change by Christian Heimes : -- versions: -Python 3.4, Python 3.5, Python 3.6 ___ Python tracker ___ ___ Python-bugs-list mailing

[issue35941] ssl.enum_certificates() regression

Christian Heimes added the comment: I guess the flags are wrong. https://hg.python.org/cpython/rev/d6474257ef38 changed flags to CERT_SYSTEM_STORE_LOCAL_MACHINE. To get local user certs, the flag should probably be CERT_SYSTEM_STORE_CURRENT_USER. -- assignee: christian.heimes ->

[issue35941] ssl.enum_certificates() regression

New submission from Michael Schlenker : The introduction of the ReadOnly flag in the ssl.enum_certificates() function implementation has introduced a regression. The old version returned certificates for both the current user and the local system, the new function only enumerates system wide