Message 213461 - Python tracker

Message213461

Author	christian.heimes
Recipients	Adam.Goodman, christian.heimes
Date	2014-03-13.20:33:50
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1394742830.55.0.981300748565.issue20916@psf.upfronthosting.co.za>
In-reply-to

Content
Thanks for you tests! Yes, I was aware of the situation in general. Personally I think it is an unfortunate decision of Microsoft to download root CA certs on demand. When I developed the feature I only experimented with a fresh but fully patched VM of Windows 7 Professional. The VM had more root CAs installed so I didn't think it's going to bite the majority users for common sites. In retrospective I might have trigger cert downloads accidentally... I also tried to implement a OpenSSL's verify hook but my code was far from ready for 3.4 beta. I'll have to implement a proper solution for Python 3.5. The situation on OSX and Windows isn't perfect. KB931125 lists a way to trigger a full download of all known root certs. Do you still have a fresh VM around? I won't have time to test the tool from KB931125 before 3.4.0 is released.

Content

Thanks for you tests!

Yes, I was aware of the situation in general. Personally I think it is an unfortunate decision of Microsoft to download root CA certs on demand. When I developed the feature I only experimented with a fresh but fully patched VM of Windows 7 Professional. The VM had more root CAs installed so I didn't think it's going to bite the majority users for common sites. In retrospective I *might* have trigger cert downloads accidentally...

I also tried to implement a OpenSSL's verify hook but my code was far from ready for 3.4 beta. I'll have to implement a proper solution for Python 3.5. The situation on OSX and Windows isn't perfect.

KB931125 lists a way to trigger a full download of all known root certs. Do you still have a fresh VM around? I won't have time to test the tool from KB931125 before 3.4.0 is released.

History
Date	User	Action	Args
2014-03-13 20:33:50	christian.heimes	set	recipients: + christian.heimes, Adam.Goodman
2014-03-13 20:33:50	christian.heimes	set	messageid: <1394742830.55.0.981300748565.issue20916@psf.upfronthosting.co.za>
2014-03-13 20:33:50	christian.heimes	link	issue20916 messages
2014-03-13 20:33:50	christian.heimes	create