Adam Goodman added the comment:
What Martin said is correct, IMO.
The actual problem I'd like to correct is: If I - for example - create an
HTTPSConnection with cert validation enabled, and set to use the default OS
trust mechanism, then the validation process should trigger Windows' root CA
New submission from Adam Goodman:
Starting with Vista, Microsoft began shipping only a very minimal set of root
CA certificates with Windows. Microsoft does trust many other authorities, but
for these, Windows relies on the Update Root Certificates feature:
http://technet.microsoft.com/en-us
Changes by Adam Goodman akg...@duosecurity.com:
Added file: http://bugs.python.org/file34405/win_ca_test.py
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20916
Adam Goodman added the comment:
I just tried installing the root certificate update from KB931125 on a clean
VM. Now I have 369 trusted root CAs, according to certmgr.msc. (I imagine it
would be unreasonable to expect all windows python users to do this, though...)
The https request
