Python module to extract CA and CRL certs from Windows' cert store (ctypes based).
.. warning::
The package is deprecated. Since Python 2.7.9
ssl.create_default_context() automatically loads certificates from
Windows' cert store.
wincertstore provides an interface to access Windows' CA and CRL certificates. It uses ctypes and Windows's sytem cert store API through crypt32.dll.
::
import wincertstore
for storename in ("CA", "ROOT"):
with wincertstore.CertSystemStore(storename) as store:
for cert in store.itercerts(usage=wincertstore.SERVER_AUTH):
print(cert.get_pem().decode("ascii"))
print(cert.get_name())
print(cert.enhanced_keyusage_names())
SERVER_AUTH is the default enhanced key usage. In order to get all
certificates for any usage, use None. The module offers more OIDs like
CLIENT_AUTH, too.
For Python versions without the with statement::
for storename in ("CA", "ROOT"):
store = wincertstore.CertSystemStore(storename)
try:
for cert in store.itercerts():
print(cert.get_pem().decode("ascii")
finally:
store.close()
See CertOpenSystemStore_
CertFile helper::
import wincertstore
import atexit
import ssl
certfile = wincertstore.CertFile()
certfile.addstore("CA")
certfile.addstore("ROOT")
atexit.register(certfile.close) # cleanup and remove files on shutdown)
ssl_sock = ssl.wrap_socket(sock,
ca_certs=certfile.name,
cert_reqs=ssl.CERT_REQUIRED)
Python 2.3 to 3.3
Windows XP, Windows Server 2003 or newer
ctypes 1.0.2 (Python 2.3 and 2.4) from http://sourceforge.net/projects/ctypes/
Copyright (c) 2013, 2014 by Christian Heimes christian@python.org
Licensed to PSF under a Contributor Agreement.
See http://www.python.org/psf/license for licensing details.
http://fixunix.com/openssl/254866-re-can-openssl-use-windows-certificate-store.html
http://bugs.python.org/issue17134
.. _CertOpenSystemStore: http://msdn.microsoft.com/en-us/library/windows/desktop/aa376560%28v=vs.85%29.aspx
Release date: 26-Feb-2013
By default CertSystemStore.itercerts() is now limited to return only certs that are suitable for SERVER_AUTH -- that is to validate a TLS/SSL's server cert from the perspective of a client.
Add CERT_CONTEXT.get_name() to get a human readable name of a certificate.
Add CERT_CONTEXT.enhanced_keyusage() to get enhanced key usage and trust
settings from registry. The method returns either True or a frozenset
of OIDs. True means that the certificate is valid for any purpose.
CERT_CONTEXT.enhanced_keyusage_names() maps OIDs to human readable names.
Add commin OIDs for enhanced key usages like SERVER_AUTH and CLIENT_AUTH.
Add support for universal wheels.
Add tox for testing Python 2.6 to 3.3. Python 2.4 and 2.5 are tested manually.
Use pypi.python.org:443 for TLS tests.
Release date: 22-Mar-2013
FAQs
Python module to extract CA and CRL certs from Windows' cert store (ctypes based).
We found that wincertstore demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.