mirror of https://github.com/python/cpython
[3.13] gh-79846: Make ssl.create_default_context() ignore invalid certificates (GH-91740) (#122768)
gh-79846: Make ssl.create_default_context() ignore invalid certificates (GH-91740)
An error in one certificate should not cause the whole thing to fail.
(cherry picked from commit 9e551f9b35)
Co-authored-by: pukkandan <pukkandan.ytdlp@gmail.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
parent
8a4f708220
commit
8c01b34268
|
@ -513,18 +513,17 @@ class SSLContext(_SSLContext):
|
||||||
self._set_alpn_protocols(protos)
|
self._set_alpn_protocols(protos)
|
||||||
|
|
||||||
def _load_windows_store_certs(self, storename, purpose):
|
def _load_windows_store_certs(self, storename, purpose):
|
||||||
certs = bytearray()
|
|
||||||
try:
|
try:
|
||||||
for cert, encoding, trust in enum_certificates(storename):
|
for cert, encoding, trust in enum_certificates(storename):
|
||||||
# CA certs are never PKCS#7 encoded
|
# CA certs are never PKCS#7 encoded
|
||||||
if encoding == "x509_asn":
|
if encoding == "x509_asn":
|
||||||
if trust is True or purpose.oid in trust:
|
if trust is True or purpose.oid in trust:
|
||||||
certs.extend(cert)
|
try:
|
||||||
|
self.load_verify_locations(cadata=cert)
|
||||||
|
except SSLError as exc:
|
||||||
|
warnings.warn(f"Bad certificate in Windows certificate store: {exc!s}")
|
||||||
except PermissionError:
|
except PermissionError:
|
||||||
warnings.warn("unable to enumerate Windows certificate store")
|
warnings.warn("unable to enumerate Windows certificate store")
|
||||||
if certs:
|
|
||||||
self.load_verify_locations(cadata=certs)
|
|
||||||
return certs
|
|
||||||
|
|
||||||
def load_default_certs(self, purpose=Purpose.SERVER_AUTH):
|
def load_default_certs(self, purpose=Purpose.SERVER_AUTH):
|
||||||
if not isinstance(purpose, _ASN1Object):
|
if not isinstance(purpose, _ASN1Object):
|
||||||
|
|
|
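Review bot: The warning in the new `except SSLError` branch of `_load_windows_store_certs` does not say which store the rejected entry came from, so a skipped trust anchor is hard to trace afterwards. `storename` is in scope and could be included: `warnings.warn(f"Bad certificate in Windows certificate store {storename!r}: {exc!s}")`. When warnings are configured as errors, `warnings.warn` itself raises there, and that exception is neither an `SSLError` nor a `PermissionError`, so one bad certificate would still abort loading under such a filter; a short comment or a test would show whether that is intended. The method used to end with `return certs` and now returns None implicitly. No caller is visible in this hunk, so that is safe only if nothing outside it used the value.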
@ -0,0 +1,2 @@
|
||||||
|
Makes :code:`ssl.create_default_context()` ignore invalid certificates in
|
||||||
|
the Windows certificate store
|