[issue36343] Certificate added to Win Store not available

2019-03-21 Thread Christian Herdtweck 


Christian Herdtweck  added the comment:

Sorry, right, that is the issue I meant. Continuing there.

--

___
Python tracker 
<https://bugs.python.org/issue36343>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35941] ssl.enum_certificates() regression

2019-03-21 Thread Christian Herdtweck 


Christian Herdtweck  added the comment:

Hi, I encountered this problem as well. May I know why you have withdrawn your 
pull request?

--
nosy: +christian-intra2net

___
Python tracker 
<https://bugs.python.org/issue35941>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36343] Certificate added to Win Store not available

2019-03-19 Thread Christian Herdtweck 


Christian Herdtweck  added the comment:

Certificates (fake CA and the signed certificate) as well as 2 screenshots from 
the import process

--
Added file: https://bugs.python.org/file48220/python-cert-problem.zip

___
Python tracker 
<https://bugs.python.org/issue36343>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36343] Certificate added to Win Store not available

2019-03-19 Thread Christian Herdtweck 


Christian Herdtweck  added the comment:

A colleage motivated me to add some example data. Attached you will find a 
small sample program listing the certificates and trying to connect to my 
machine.

Output of the program:
Text "fake" nowhere to be found :-(

Traceback (most recent call last):
  File "list_cas.py", line 88, in 
sys.exit(main())
  File "list_cas.py", line 83, in main
ssl_sock.connect((MY_SERVER, 443))
  File "C:\Program Files (x86)\Python37-32\lib\ssl.py", line 1150, in connect
self._real_connect(addr, False)
  File "C:\Program Files (x86)\Python37-32\lib\ssl.py", line 1141, in 
_real_connect
self.do_handshake()
  File "C:\Program Files (x86)\Python37-32\lib\ssl.py", line 1117, in 
do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate 
verify failed: unable to get local issuer certificate (_ssl.c:1056)

--
Added file: https://bugs.python.org/file48219/list_cas.py

___
Python tracker 
<https://bugs.python.org/issue36343>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36343] Certificate added to Win Store not available

2019-03-18 Thread Christian Herdtweck 


Christian Herdtweck  added the comment:

I should have added the behavioral result:

(1) opening my server's web (https, port 443) page using IE works fine without 
certificate questions/errors
(2) creating a ssl-wrapped socket to the server on the same port (443) fails 
with a Certificat error

--

___
Python tracker 
<https://bugs.python.org/issue36343>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36343] Certificate added to Win Store not available

2019-03-18 Thread Christian Herdtweck 

New submission from Christian Herdtweck :

I have created a self-signed certificate as my fake CA, used it to sign the 
certificate of my test server. I added the fake CA to the client (Windows 7) 
certificate store (System settings > Internet Settings > Content > 
Certificates), imported it there first only to "trusted root certificate 
authorities (translating from German "Vertrauenswürdige 
Stammzertifizierungsstellen" here), after failed tests to all tabs (including 
"own certificates", "intermediate certification authorities", but not the the 
"non-trusted issuers").

I can see my fake ca certificate in the lists in the windows settings, but 
querying the windows CA store through python (version 3.7), either through 
ssl.create_default_context().get_ca_certs() or ssl.enum_certificates(store) for 
store in ("CA", "ROOT", "MY") I only see some default builtin authorities 
(digicert, microsoft, comodo, verisign, etc).

This might be related to https://bugs.python.org/issue36011 . The related PR 
https://github.com/python/cpython/pull/11923 is now closed but I do not see the 
commit in master/3.7/feature-version branch. Was it dismissed?

I am aware there are options to add certificate files to SSL_CERT_DIR, but it 
is my understanding that python now uses the windows certificate store and that 
is where in my case the certificate should go.

--
assignee: christian.heimes
components: SSL
messages: 338198
nosy: christian-intra2net, christian.heimes
priority: normal
severity: normal
status: open
title: Certificate added to Win Store not available
type: behavior
versions: Python 3.7

___
Python tracker 
<https://bugs.python.org/issue36343>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com