New submission from Christian Herdtweck <[email protected]>:
I have created a self-signed certificate as my fake CA, used it to sign the
certificate of my test server. I added the fake CA to the client (Windows 7)
certificate store (System settings > Internet Settings > Content >
Certificates), imported it there first only to "trusted root certificate
authorities (translating from German "Vertrauenswürdige
Stammzertifizierungsstellen" here), after failed tests to all tabs (including
"own certificates", "intermediate certification authorities", but not the the
"non-trusted issuers").
I can see my fake ca certificate in the lists in the windows settings, but
querying the windows CA store through python (version 3.7), either through
ssl.create_default_context().get_ca_certs() or ssl.enum_certificates(store) for
store in ("CA", "ROOT", "MY") I only see some default builtin authorities
(digicert, microsoft, comodo, verisign, etc).
This might be related to https://bugs.python.org/issue36011 . The related PR
https://github.com/python/cpython/pull/11923 is now closed but I do not see the
commit in master/3.7/feature-version branch. Was it dismissed?
I am aware there are options to add certificate files to SSL_CERT_DIR, but it
is my understanding that python now uses the windows certificate store and that
is where in my case the certificate should go.
----------
assignee: christian.heimes
components: SSL
messages: 338198
nosy: christian-intra2net, christian.heimes
priority: normal
severity: normal
status: open
title: Certificate added to Win Store not available
type: behavior
versions: Python 3.7
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue36343>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
