[issue35665] Function ssl.create_default_context raises exception on Windows 10 when called with ssl.Purpose.SERVER_AUTH) attribute
pukkandan added the comment:

> A workaround for Python would require a major rewrite of the Windows CA store
> integration. We don't have any capacity to work on that area

In theory, the issue can be worked around by simply loading each certificate separately. See https://github.com/yt-dlp/yt-dlp/pull/1118/commits/599ca418ac75ab1c0baf97f184f32ac48aa759ed

--
nosy: +pukkandan
___
Python tracker <https://bugs.python.org/issue35665>
___
___
Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
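The per-certificate loading described in the comment above, as an added example (not code from the linked yt-dlp commit or from CPython). The function names `load_store_certs_individually` and `create_tolerant_default_context` and the sample entries are constructed here for illustration.

```python
import ssl

SERVER_AUTH_OID = ssl.Purpose.SERVER_AUTH.oid

# Constructed sample in the (cert_bytes, encoding, trust) shape that
# ssl.enum_certificates() returns on Windows; none is a real certificate.
CONSTRUCTED_ENTRIES = [
    (b"\x30\x03\x02\x01", "x509_asn", True),                    # truncated DER
    (b"\x00not-a-certificate", "x509_asn", {SERVER_AUTH_OID}),  # garbage
    (b"\x30\x00", "pkcs_7_asn", True),                     # not X.509: filtered
    (b"\x30\x00", "x509_asn", {"1.3.6.1.5.5.7.3.2"}),      # client-auth only: filtered
]


def load_store_certs_individually(context, entries):
    """Load each usable entry on its own; return (loaded, rejected)."""
    loaded = rejected = 0
    for cert, encoding, trust in entries:
        if encoding != "x509_asn":
            continue
        if not (trust is True or SERVER_AUTH_OID in trust):
            continue
        try:
            context.load_verify_locations(cadata=cert)
        except ssl.SSLError:
            rejected += 1  # one unparsable entry no longer aborts the whole store
        else:
            loaded += 1
    return loaded, rejected


def create_tolerant_default_context():
    """ssl.create_default_context(), falling back to per-certificate loading."""
    try:
        return ssl.create_default_context()
    except ssl.SSLError:
        pass
    # PROTOCOL_TLS_CLIENT keeps CERT_REQUIRED and check_hostname enabled.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if hasattr(ssl, "enum_certificates"):  # Windows-only API
        for storename in ("CA", "ROOT"):
            try:
                entries = ssl.enum_certificates(storename)
            except PermissionError:
                continue
            load_store_certs_individually(context, entries)
    context.set_default_verify_paths()
    return context
```

Rejected entries are simply not trusted: verification stays enabled, so a server that chains only to a rejected root still fails the handshake. Logging the rejected count makes a store containing unparsable certificates visible instead of silent.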
[issue45312] "MUPCA Root" Certificates - treated as invalid and cause error, but are walid and necessary
pukkandan added the comment:

Also, the pictures uploaded by the OP are misleading since they are from a version of the code that was specifically intended for debugging the issue. The problem can be better seen in this comment https://github.com/yt-dlp/yt-dlp/issues/1060#issuecomment-925843378

```py
C:\Windows\system32>py
Python 3.9.7 (tags/v3.9.7:1016ef3, Aug 30 2021, 20:19:38) [MSC v.1929 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> len(ssl.enum_certificates('ROOT'))
68
>>> len(ssl.enum_certificates('CA'))
39
>>> ssl.create_default_context()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Program Files\Python39\lib\ssl.py", line 750, in create_default_context
    context.load_default_certs(purpose)
  File "C:\Program Files\Python39\lib\ssl.py", line 574, in load_default_certs
    self._load_windows_store_certs(storename, purpose)
  File "C:\Program Files\Python39\lib\ssl.py", line 566, in _load_windows_store_certs
    self.load_verify_locations(cadata=certs)
ssl.SSLError: not enough data: cadata does not contain a certificate (_ssl.c:4159)
>>> exit()
```

--
___
Python tracker <https://bugs.python.org/issue45312>
___
[issue45312] "MUPCA Root" Certificates - treated as invalid and cause error, but are walid and necessary
pukkandan added the comment:

Hi, I am the maintainer of the above mentioned project. I was planning to implement a patch for this. But I asked OP to report the issue here anyway since I do not believe this is the intended behavior.

For context, the issue is occurring when using the `ssl.create_default_context` function and not by manually adding the verify flag. For this, the default (in my opinion) should be to ignore any invalid certificates. Even the comment in the relevant code (https://github.com/python/cpython/blob/84975146a7ce64f1d50dcec8311b7f7188a5c962/Lib/ssl.py#L772-L774) seems to agree with my sentiment.

I ask that you please reconsider your stance on this issue.

Thanks

--
nosy: +pukkandan
___
Python tracker <https://bugs.python.org/issue45312>
___