Issue 26313: ssl.py _load_windows_store_certs fails if windows cert store is empty (original) (raw)

Issue26313

Created on 2016-02-08 20:09 by Jonathan Kamens, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
issue26313.diff baji,2016-03-11 10:18 review
Messages (6)
msg259880 - (view) Author: Jonathan Kamens (Jonathan Kamens) Date: 2016-02-08 20:09
In ssl.py: def _load_windows_store_certs(self, storename, purpose): certs = bytearray() for cert, encoding, trust in enum_certificates(storename): # CA certs are never PKCS#7 encoded if encoding == "x509_asn": if trust is True or purpose.oid in trust: certs.extend(cert) self.load_verify_locations(cadata=certs) return certs The line right before the return statement will raise an exception if certs is empty. It should be protected with "if certs:" as it is elsewhere in this file.
msg261552 - (view) Author: (yan12125) * Date: 2016-03-11 09:23
The same issue is reported at https://github.com/rg3/youtube-dl/issues/8132, too. Empty Windows cert store is uncommon. The only case I found so far is on Wine. Steps to reproduce: 1. On Arch Linux x86_64, install mingw-w64-python2-bin from AUR 2. Run the following command: $ WINEDEBUG=fixme-all PYTHONPATH=/usr/x86_64-w64-mingw32/lib/python27 wine /usr/x86_64-w64-mingw32/bin/python2.exe -c 'import ssl; ssl.create_default_context()' Traceback (most recent call last): File "", line 1, in File "Z:\usr\x86_64-w64-mingw32\lib\python27\ssl.py", line 440, in create_default_context context.load_default_certs(purpose) File "Z:\usr\x86_64-w64-mingw32\lib\python27\ssl.py", line 391, in load_default_certs self._load_windows_store_certs(storename, purpose) File "Z:\usr\x86_64-w64-mingw32\lib\python27\ssl.py", line 383, in _load_windows_store_certs self.load_verify_locations(cadata=certs) ValueError: Empty certificate data
msg261555 - (view) Author: Baji (baji) * Date: 2016-03-11 10:18
Protected the certs with if statement
msg261939 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-03-17 22:03
New changeset 8df52636b0dc by Steve Dower in branch '2.7': Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. https://hg.python.org/cpython/rev/8df52636b0dc
msg261940 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-03-17 22:03
New changeset eb2c2671e7d6 by Steve Dower in branch '3.5': Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. https://hg.python.org/cpython/rev/eb2c2671e7d6 New changeset 97cd199944c3 by Steve Dower in branch 'default': Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. https://hg.python.org/cpython/rev/97cd199944c3
msg261941 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2016-03-17 22:04
Thanks! Fixed for 3.6, 3.5 and 2.7.
History
Date User Action Args
2022-04-11 14:58:27 admin set github: 70501
2016-03-17 22:04:16 steve.dower set status: open -> closedversions: + Python 3.5, Python 3.6messages: + resolution: fixedstage: resolved
2016-03-17 22:03:43 python-dev set messages: +
2016-03-17 22:03:43 python-dev set nosy: + python-devmessages: +
2016-03-11 10🔞30 baji set files: + issue26313.diffnosy: + bajimessages: + keywords: + patch
2016-03-11 09:23:29 yan12125 set nosy: + yan12125messages: +
2016-02-08 20:09:48 Jonathan Kamens create