New submission from Michael Schlenker <m...@contact.de>:
The introduction of the ReadOnly flag in the ssl.enum_certificates() function implementation has introduced a regression.

The old version returned certificates for both the current user and the local system, the new function only enumerates system-wide certificates and ignores the current user.

The old function before Patch from https://bugs.python.org/issue25939 used a different function to open the certificate store (CertOpenStore vs. CertOpenSystemStore). Probably some of the param flags are not identical, the new code explicitly lists only local system.

Testing:

1. Import a self signed CA only into the 'current user' trustworthy certificates.
2. Use IE to connect to a https:// website using that trust root. Works.
3. Try to open the website with old python and new python. Old one works, new one fails.

Or just enum certificates:

1. Import a self signed CA into the current_user trusted store.
2. Compare outputs of:

    import ssl
    len(ssl.enum_certificates('ROOT'))

----------
assignee: christian.heimes
components: SSL, Windows
messages: 335084
nosy: christian.heimes, paul.moore, schlenk, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: ssl.enum_certificates() regression
type: behavior
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue35941>
_______________________________________
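The comparison in the second test can be made exact by looking for the imported CA's thumbprint instead of comparing list lengths. The following is an added example, not part of the original report or of CPython: the function names and the sample byte strings are constructed for illustration, and it assumes you pass the SHA-1 thumbprint of the CA you imported (as shown in its certificate details) on the command line.

```python
import hashlib
import ssl
import sys

# Constructed stand-ins for DER certificates (not real certificates); used
# only when ssl.enum_certificates() is unavailable (non-Windows builds).
SAMPLE_USER_CA = b"constructed-current-user-ca"
SAMPLE_ENTRIES = [
    (b"constructed-local-machine-ca", "x509_asn", True),
    (b"constructed-pkcs7-bundle", "pkcs_7_asn", True),
]


def normalize(thumbprint):
    """Strip spaces/colons and upper-case a pasted thumbprint."""
    return "".join(c for c in thumbprint if c.isalnum()).upper()


def thumbprints(entries):
    """SHA-1 thumbprints of the X.509 entries in an enum_certificates() list.

    Each entry is (cert_bytes, encoding_type, trust); PKCS#7 entries are
    skipped because their bytes are not a single DER certificate.
    """
    return {
        hashlib.sha1(der).hexdigest().upper()
        for der, encoding, _trust in entries
        if encoding == "x509_asn"
    }


def missing_from_python(expected, entries):
    """Return the expected thumbprints that the enumeration did not include."""
    seen = thumbprints(entries)
    return sorted({normalize(t) for t in expected} - seen)


if __name__ == "__main__":
    if hasattr(ssl, "enum_certificates"):      # Windows only
        entries, expected = ssl.enum_certificates("ROOT"), sys.argv[1:]
    else:                                      # offline demo on constructed data
        entries = SAMPLE_ENTRIES
        expected = [hashlib.sha1(SAMPLE_USER_CA).hexdigest()]
    missing = missing_from_python(expected, entries)
    print(f"{len(entries)} ROOT entries, {len(missing)} expected CA(s) not visible")
    for tp in missing:
        print("  missing:", tp)
    sys.exit(1 if missing else 0)
```

Run under each interpreter being compared, a non-zero exit status means the CA imported into the current-user store was not returned by that interpreter's enumeration.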