Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError

48df37db · Steve Dower · e67c92ea · 33bc4a29 · 48df37db · 48df37db
Commit 48df37db authored May 26, 2016 by Steve Dower
Show whitespace changes
Inline Side-by-side

Showing with 12 additions and 5 deletions

Lib/ssl.py Lib/ssl.py +9 -5

Misc/NEWS Misc/NEWS +3 -0

No files found.
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -145,6 +145,7 @@ from socket import socket, AF_INET, SOCK_STREAM, create_connection
 from socket import SOL_SOCKET, SO_TYPE
 import base64        # for DER-to-PEM translation
 import errno
+import warnings
 socket_error = OSError  # keep that public name in module namespace
@@ -405,11 +406,14 @@ class SSLContext(_SSLContext):
    def _load_windows_store_certs(self, storename, purpose):
        certs = bytearray()
+        try:
            for cert, encoding, trust in enum_certificates(storename):
                # CA certs are never PKCS#7 encoded
                if encoding == "x509_asn":
                    if trust is True or purpose.oid in trust:
                        certs.extend(cert)
+        except PermissionError:
+            warnings.warn("unable to enumerate Windows certificate store")
        if certs:
            self.load_verify_locations(cadata=certs)
        return certs

--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -22,6 +22,9 @@ Core and Builtins
 Library
 -------
+- Issue #27114: Fix SSLContext._load_windows_store_certs fails with
+  PermissionError
 - Issue #18383: Avoid creating duplicate filters when using filterwarnings
  and simplefilter.  Based on patch by Alex Shkop.