New submission from Jean-Philippe Landry:
Hello,
Would it be possible for Python to use the Certificate Store in windows instead
of a predetermined list of certificates. The use case is as follows:
Multiple machines being on a corporate network where there is a man in the
middle packet inspection (IT security stuff...) that will resign most of the
SSL connections with its own certificate that is unfortunately not part of the
python default store. There are also multiple behind the firewall servers using
self signed certificates. That means that almost all SSL requests, including
pip install will throw the famous [SSL: CERTIFICATE_VERIFY_FAILED] error.
This is transparent in Chrome because Chrome is using the Windows store to
determine if a certificate is trusted or not and all those custom certificates
are in the windows store.
However, Python uses its own file (list of approved certificates). I understand
that this can be overridden using a custom, manually managed, crt file and set
it into the environment variables (REQUESTS_CA_BUNDLE) and it works. However,
this involves manual operation and undesired maintenance when a new certificate
will be added to the store. The windows store itself gets updated periodically
by IT so it is a not an issue.
Is there a rationale behind using a specific file instead of the windows store
which will work for Chrome, IE, etc...
Best regards,
Jean-Philippe
--
assignee: christian.heimes
components: SSL
messages: 279602
nosy: Jean-Philippe Landry, christian.heimes
priority: normal
severity: normal
status: open
title: Python to use Windows Certificate Store
type: behavior
versions: Python 3.5
___
Python tracker
<http://bugs.python.org/issue28547>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
