wincertstore

============ wincertstore

.. warning::

The package is deprecated. Since Python 2.7.9 ssl.create_default_context() automatically loads certificates from Windows' cert store.

wincertstore provides an interface to access Windows' CA and CRL certificates. It uses ctypes and Windows's sytem cert store API through crypt32.dll.

Example

::

import wincertstore
for storename in ("CA", "ROOT"):
    with wincertstore.CertSystemStore(storename) as store:
        for cert in store.itercerts(usage=wincertstore.SERVER_AUTH):
            print(cert.get_pem().decode("ascii"))
            print(cert.get_name())
            print(cert.enhanced_keyusage_names())

SERVER_AUTH is the default enhanced key usage. In order to get all certificates for any usage, use None. The module offers more OIDs like CLIENT_AUTH, too.

For Python versions without the with statement::

for storename in ("CA", "ROOT"):
    store = wincertstore.CertSystemStore(storename)
    try:
        for cert in store.itercerts():
            print(cert.get_pem().decode("ascii")
    finally:
        store.close()

See CertOpenSystemStore_

CertFile helper::

import wincertstore
import atexit
import ssl

certfile = wincertstore.CertFile()
certfile.addstore("CA")
certfile.addstore("ROOT")
atexit.register(certfile.close) # cleanup and remove files on shutdown)

ssl_sock = ssl.wrap_socket(sock,
                           ca_certs=certfile.name,
                           cert_reqs=ssl.CERT_REQUIRED)

Requirements

• Python 2.3 to 3.3

• Windows XP, Windows Server 2003 or newer

• ctypes 1.0.2 (Python 2.3 and 2.4) from http://sourceforge.net/projects/ctypes/

License

Copyright (c) 2013, 2014 by Christian Heimes christian@python.org

Licensed to PSF under a Contributor Agreement.

See http://www.python.org/psf/license for licensing details.

Acknowledgements

http://fixunix.com/openssl/254866-re-can-openssl-use-windows-certificate-store.html

http://bugs.python.org/issue17134

References

.. _CertOpenSystemStore: http://msdn.microsoft.com/en-us/library/windows/desktop/aa376560%28v=vs.85%29.aspx

ChangeLog

wincertstore 0.2

Release date: 26-Feb-2013

• By default CertSystemStore.itercerts() is now limited to return only certs that are suitable for SERVER_AUTH -- that is to validate a TLS/SSL's server cert from the perspective of a client.

• Add CERT_CONTEXT.get_name() to get a human readable name of a certificate.

• Add CERT_CONTEXT.enhanced_keyusage() to get enhanced key usage and trust settings from registry. The method returns either True or a frozenset of OIDs. True means that the certificate is valid for any purpose.

• CERT_CONTEXT.enhanced_keyusage_names() maps OIDs to human readable names.

• Add commin OIDs for enhanced key usages like SERVER_AUTH and CLIENT_AUTH.

• Add support for universal wheels.

• Add tox for testing Python 2.6 to 3.3. Python 2.4 and 2.5 are tested manually.

• Use pypi.python.org:443 for TLS tests.

wincertstore 0.1

Release date: 22-Mar-2013

• Initial release