What is the right way for Python / Twisted to validate an SSL certificate on Windows?

Question

What is the right way for Python / Twisted to validate an SSL certificate on Windows?

Is there a way for the Python / Twisted program to use the list of root certificates that Internet Explorer uses to verify the SSL connection to the HTTPS server? The answers provided by Python SSL Certificate Validation are very useful, but the sample code gets the root certificates by reading the special Unix directory / etc / ssl / certs / *. Pem and I don’t understand what the Windows equivalent is.

+7

python windows twisted ssl

Paul crowley Nov 10 '10 at 13:49

source share

1 answer

Glyph · Accepted Answer · 2010-11-10T17:53:11+0000

the Windows equivalent is "copy / etc / ssl / certs / *. pem from your Linux machine." Mac and Windows have different APIs for accessing their certificate stores, which Twisted does not directly support. They don’t use OpenSSL certificates natively, and they certainly don’t put things as simple as a “PEM file directory”. If you can export your trusted roots as PEM, you can query Twisted (well, indeed, OpenSSL via PyOpenSSL ) to test it this way.

I am abstractly interested in doing this in super-portable mode, but I have never tried it. Here are some links to get you started: SecureTransport Link , Microsoft Cryptography Features .

In the SecureTransport link, the documentation indicates that SSLGetTrustedRoots deprecated, but does not mention an alternative SSLCopyTrustedRoots , which is not. This is probably the API you want to get started with on Mac (via PyObjC). On Windows, I'm really not sure, except somewhere in this heap of functions there is probably one that does what you want, and maybe you can call it ctypes :).

What is the right way for Python / Twisted to validate an SSL certificate on Windows?

More articles: