[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2017-02-24 Thread Chi Hsuan Yen
Changes by Chi Hsuan Yen : -- nosy: +Chi Hsuan Yen ___ Python tracker ___ ___

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2016-09-15 Thread Christian Heimes
Changes by Christian Heimes : -- assignee: -> christian.heimes components: +SSL nosy: +christian.heimes versions: +Python 3.6, Python 3.7 ___ Python tracker

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2016-06-12 Thread Christian Heimes
Changes by Christian Heimes : -- nosy: -christian.heimes ___ Python tracker ___ ___

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2016-06-12 Thread ppperry
Changes by ppperry : -- components: +Windows nosy: +paul.moore, tim.golden, zach.ware ___ Python tracker ___

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2016-06-12 Thread Christian Heimes
Changes by Christian Heimes : -- assignee: christian.heimes -> ___ Python tracker ___ ___

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2015-02-11 Thread John Nagle
John Nagle added the comment: Amusingly, I'm getting this failure on verisign.com on Windows 7 with Python 2.7.9: HTTP error - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)..) The current Verisign root cert (Class 3 public) is, indeed, not in the Windows 7 cert

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2015-01-17 Thread Antoine Pitrou
Changes by Antoine Pitrou pit...@free.fr: -- nosy: +steve.dower ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20916 ___ ___ Python-bugs-list

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2015-01-15 Thread James Teh
Changes by James Teh ja...@nvaccess.org: -- nosy: +jteh ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20916 ___ ___ Python-bugs-list mailing list

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2014-03-17 Thread Adam Goodman
Adam Goodman added the comment: What Martin said is correct, IMO. The actual problem I'd like to correct is: If I - for example - create an HTTPSConnection with cert validation enabled, and set to use the default OS trust mechanism, then the validation process should trigger Windows' root CA

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2014-03-14 Thread Martin v . Löwis
Martin v. Löwis added the comment: I notice that this issue doesn't contain actual problem statement; Adam only reported what he did and what happened, but not what should have happened instead. I personally don't think that the problem stated in the title (ssl.enum_certificates() will not

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2014-03-14 Thread Antoine Pitrou
Antoine Pitrou added the comment: If this is a Microsoft decision, perhaps it should be documented, then. -- nosy: +pitrou ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20916 ___

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2014-03-13 Thread Adam Goodman
New submission from Adam Goodman: Starting with Vista, Microsoft began shipping only a very minimal set of root CA certificates with Windows. Microsoft does trust many other authorities, but for these, Windows relies on the Update Root Certificates feature:

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2014-03-13 Thread Adam Goodman
Changes by Adam Goodman akg...@duosecurity.com: Added file: http://bugs.python.org/file34405/win_ca_test.py ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20916 ___

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2014-03-13 Thread Christian Heimes
Christian Heimes added the comment: Thanks for you tests! Yes, I was aware of the situation in general. Personally I think it is an unfortunate decision of Microsoft to download root CA certs on demand. When I developed the feature I only experimented with a fresh but fully patched VM of

[issue20916] ssl.enum_certificates() will not return all certificates trusted by Windows

2014-03-13 Thread Adam Goodman
Adam Goodman added the comment: I just tried installing the root certificate update from KB931125 on a clean VM. Now I have 369 trusted root CAs, according to certmgr.msc. (I imagine it would be unreasonable to expect all windows python users to do this, though...) The https request to