[Python-Dev] PEP 476: Enabling certificate validation by default!
martin at v.loewis.de
Sat Aug 30 22:03:20 CEST 2014
Quoting Christian Heimes <christian at python.org>:

> On 30.08.2014 17:22, Alex Gaynor wrote:
>> The Windows certificate store is used by ``load_default_certs``:
>>
>> * https://github.com/python/cpython/blob/master/Lib/ssl.py#L379-L381
>> * https://docs.python.org/3.4/library/ssl.html#ssl.enum_certificates
>
> The Windows part of load_default_certs() has one major flaw: it can only
> load certificates that are already in Windows's cert store. However
> Windows comes only with a small set of default certs and downloads more
> certs on demand. In order to trigger a download Python or OpenSSL would
> have to use the Windows API to verify root certificates.

It's better than you think. Vista+ has a weekly prefetching procedure
that should assure that virtually all root certificates are available:

http://support.microsoft.com/kb/931125/en-us

BTW, it's patented:

http://www.google.de/patents/US6816900

Regards,
Martin
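To check on a given machine how many roots are actually present in the store that the thread is discussing, the following is an added example, not code from this message or from CPython. It filters the `(cert_bytes, encoding_type, trust)` tuples documented for `ssl.enum_certificates`; the helper names `usable_for` and `store_report` and the sample entries are assumptions made for illustration.

```python
import ssl
import sys

# OID for TLS server authentication, as exposed by the ssl module.
SERVER_AUTH_OID = ssl.Purpose.SERVER_AUTH.oid

# Constructed sample in the documented enum_certificates() shape:
# (cert_bytes, encoding_type, trust); trust is True or a set of OIDs.
SAMPLE_ENTRIES = [
    (b"root-any-purpose", "x509_asn", True),
    (b"root-server-auth", "x509_asn", {"1.3.6.1.5.5.7.3.1"}),
    (b"root-client-only", "x509_asn", {"1.3.6.1.5.5.7.3.2"}),
    (b"pkcs7-bundle", "pkcs_7_asn", True),
]


def usable_for(entries, purpose_oid=SERVER_AUTH_OID):
    """Return the DER certificates trusted for purpose_oid."""
    selected = []
    for cert, encoding, trust in entries:
        if encoding != "x509_asn":  # PKCS#7 blobs are not single certs
            continue
        if trust is True or purpose_oid in trust:
            selected.append(cert)
    return selected


def store_report(store_names=("ROOT", "CA")):
    """Map store name -> (total entries, usable for server auth).

    ssl.enum_certificates exists only on Windows; elsewhere return {}.
    """
    if sys.platform != "win32":
        return {}
    report = {}
    for name in store_names:
        entries = ssl.enum_certificates(name)
        report[name] = (len(entries), len(usable_for(entries)))
    return report


if __name__ == "__main__":
    for name, (total, usable) in store_report().items():
        print(f"{name}: {total} entries, {usable} usable for server auth")
    print("sample:", len(usable_for(SAMPLE_ENTRIES)), "of", len(SAMPLE_ENTRIES))
    # What a default client context loaded on this machine.
    print("default context:", ssl.create_default_context().cert_store_stats())
```

A low count in the `ROOT` store on a freshly installed Windows host is the condition Christian describes; the prefetching Martin mentions would show up as that count growing over time.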