Open
Description
It looks like the wincertstore module works to pull down the certs from the local certificate store in Windows environments, and code similar to this would solve/enable SSL verification from locally installed certificates without additional user interaction via the module on the Certsrv definition via the cafile="whatever".
If you like it... include it.
Thanks for your time on this module!
```python
import os   # for checking that a bundle path exists
import sys  # for platform determination


def _get_ca_bundle():
    """Tries to find the platform ca bundle for the system (on linux systems)"""
    ca_bundles = [
        # list taken from https://golang.org/src/crypto/x509/root_linux.go
        "/etc/ssl/certs/ca-certificates.crt",  # Debian/Ubuntu/Gentoo etc.
        "/etc/pki/tls/certs/ca-bundle.crt",  # Fedora/RHEL 6
        "/etc/ssl/ca-bundle.pem",  # OpenSUSE
        "/etc/pki/tls/cacert.pem",  # OpenELEC
        "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",  # CentOS/RHEL 7
    ]
    if sys.platform == "win32":
        # these would need to be installed and/or added as a dependency
        # to this module (for windows clients)
        import wincertstore
        import atexit

        # export the Windows "CA" and "ROOT" stores to a temporary PEM file
        certfile = wincertstore.CertFile()
        certfile.addstore("CA")
        certfile.addstore("ROOT")
        atexit.register(certfile.close)  # cleanup and remove files on shutdown
        ca_bundles = [certfile.name]
    for ca_bundle in ca_bundles:
        if os.path.isfile(ca_bundle):
            return ca_bundle
    # if the bundle was not found, we revert back to requests own
    return True
```
I've been recently working a bit more with the certsrv module and pulling/creating certs, and adding them to the local windows certificate store for various projects and thought this would make a great improvement.
HTH
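The snippet above accepts any path that passes `os.path.isfile`, so an empty or non-PEM file would be handed to the TLS layer as the trust store. The following is an added example, not part of the original issue or of the certsrv project's code; the function names `usable_ca_count` and `pick_ca_bundle` are hypothetical, and the sample files are constructed for the demonstration.

```python
import os
import ssl
import tempfile


def usable_ca_count(path):
    """Return how many certificates `path` loads into an empty trust store."""
    if not os.path.isfile(path):
        return 0
    # A bare SSLContext starts with no trusted certificates loaded.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except (ssl.SSLError, OSError):
        # Empty file, content that is not PEM certificates, or unreadable file.
        return 0
    return ctx.cert_store_stats()["x509"]


def pick_ca_bundle(candidates):
    """Return the first candidate holding at least one loadable certificate.

    Falls back to True (requests' own bundle), like the snippet above.
    """
    for path in candidates:
        if usable_ca_count(path) > 0:
            return path
    return True


def demo():
    """Constructed inputs: a missing path, an empty file and a non-PEM file."""
    with tempfile.TemporaryDirectory() as tmp:
        missing = os.path.join(tmp, "missing.pem")
        empty = os.path.join(tmp, "empty.pem")
        garbage = os.path.join(tmp, "garbage.pem")
        open(empty, "w").close()
        with open(garbage, "w") as fh:
            fh.write("this is not a certificate\n")
        # None of these is usable, so the result is the fallback value True.
        return pick_ca_bundle([missing, empty, garbage])


if __name__ == "__main__":
    print(demo())
```

On Windows the same check can be applied to `certfile.name` before returning it.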