Opened 21 months ago

Last modified 8 months ago

#6371 enhancement new

Support native Windows trusted CA database for SSL certificate validation

Reported by: itamar Owned by:
Priority: normal Milestone:
Component: core Keywords:
Cc: Branch:
Author: Launchpad Bug:


This was originally part of #5446, where Glyph wrote:

On Windows - and this is purely from a quick glance at the reference documentation, so take it with a grain of salt - I believe the right way to do this is to use CertOpenSystemStore with the string "CA", or possibly "ROOT", or maybe both, and then do CertEnumCertificatesInStore or maybe just PFXExportCertStoreEx to dump the certs into a format we can import into OpenSSL.

Change History (4)

comment:1 Changed 21 months ago by exarkun

There is a Python library to help out with this too:

This may be easier than writing C, or Cython, or using ctypes or cffi. Or maybe not, I haven't investigated much. But it's something to look at I guess.

comment:2 Changed 8 months ago by itamar

wincertstore is written with ctypes.

comment:3 Changed 8 months ago by aronbierbaum

I have been working on an implementation that uses for ctypes also. In the spirit of not duplicating effort, is anyone else also working on a solution?

comment:4 Changed 8 months ago by itamar

Assuming wincertstore does what it says it does, presumably that's who you should talk to. Unless you want to add something to Twisted, in which case using wincertstore seems like a good start.

Note: See TracTickets for help on using tickets.