open the cert store readonly

Patch from Chi Hsuan Yen.

open the cert store readonly
Patch from Chi Hsuan Yen.
547ab5f7 · Benjamin Peterson · 02246381 · 547ab5f7 · 547ab5f7
Commit 547ab5f7 authored Feb 17, 2016 by Benjamin Peterson
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

Misc/NEWS Misc/NEWS +2 -0

Modules/_ssl.c Modules/_ssl.c +6 -2

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -16,6 +16,8 @@ Core and Builtins
 Library
 -------
+- Issue #25939: On Windows open the cert store readonly in ssl.enum_certificates.
 - Issue #22570: Add 'path' attribute to pathlib.Path objects,
  returning the same as str(), to make it more similar to DirEntry.
  Library code can now write getattr(p, 'path', p) to get the path as

--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3597,7 +3597,9 @@ PySSL_enum_certificates(PyObject *self, PyObject *args, PyObject *kwds)
    if (result == NULL) {
        return NULL;
    }
-    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, store_name);
+    hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, (HCRYPTPROV)NULL,
+                            CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_LOCAL_MACHINE,
+                            store_name);
    if (hStore == NULL) {
        Py_DECREF(result);
        return PyErr_SetFromWindowsErr(GetLastError());
@@ -3685,7 +3687,9 @@ PySSL_enum_crls(PyObject *self, PyObject *args, PyObject *kwds)
    if (result == NULL) {
        return NULL;
    }
-    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, store_name);
+    hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, (HCRYPTPROV)NULL,
+                            CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_LOCAL_MACHINE,
+                            store_name);
    if (hStore == NULL) {
        Py_DECREF(result);
        return PyErr_SetFromWindowsErr(GetLastError());