============
wincertstore
.. warning::
The package is deprecated. Since Python 2.7.9
ssl.create_default_context()
automatically loads certificates from
Windows' cert store.
wincertstore provides an interface to access Windows' CA and CRL certificates.
It uses ctypes and Windows's sytem cert store API through crypt32.dll.
Example
::
import wincertstore
for storename in ("CA", "ROOT"):
with wincertstore.CertSystemStore(storename) as store:
for cert in store.itercerts(usage=wincertstore.SERVER_AUTH):
print(cert.get_pem().decode("ascii"))
print(cert.get_name())
print(cert.enhanced_keyusage_names())
SERVER_AUTH
is the default enhanced key usage. In order to get all
certificates for any usage, use None
. The module offers more OIDs like
CLIENT_AUTH
, too.
For Python versions without the with statement::
for storename in ("CA", "ROOT"):
store = wincertstore.CertSystemStore(storename)
try:
for cert in store.itercerts():
print(cert.get_pem().decode("ascii")
finally:
store.close()
See CertOpenSystemStore
_
CertFile helper::
import wincertstore
import atexit
import ssl
certfile = wincertstore.CertFile()
certfile.addstore("CA")
certfile.addstore("ROOT")
atexit.register(certfile.close) # cleanup and remove files on shutdown)
ssl_sock = ssl.wrap_socket(sock,
ca_certs=certfile.name,
cert_reqs=ssl.CERT_REQUIRED)
Requirements
License
Copyright (c) 2013, 2014 by Christian Heimes christian@python.org
Licensed to PSF under a Contributor Agreement.
See http://www.python.org/psf/license for licensing details.
Acknowledgements
http://fixunix.com/openssl/254866-re-can-openssl-use-windows-certificate-store.html
http://bugs.python.org/issue17134
References
.. _CertOpenSystemStore: http://msdn.microsoft.com/en-us/library/windows/desktop/aa376560%28v=vs.85%29.aspx
ChangeLog
wincertstore 0.2
Release date: 26-Feb-2013
-
By default CertSystemStore.itercerts() is now limited to return only
certs that are suitable for SERVER_AUTH -- that is to validate a TLS/SSL's
server cert from the perspective of a client.
-
Add CERT_CONTEXT.get_name() to get a human readable name of a certificate.
-
Add CERT_CONTEXT.enhanced_keyusage() to get enhanced key usage and trust
settings from registry. The method returns either True
or a frozenset
of OIDs. True means that the certificate is valid for any purpose.
-
CERT_CONTEXT.enhanced_keyusage_names() maps OIDs to human readable names.
-
Add commin OIDs for enhanced key usages like SERVER_AUTH and CLIENT_AUTH.
-
Add support for universal wheels.
-
Add tox for testing Python 2.6 to 3.3. Python 2.4 and 2.5 are tested
manually.
-
Use pypi.python.org:443 for TLS tests.
wincertstore 0.1
Release date: 22-Mar-2013