Issue26313
Created on 2016-02-08 20:09 by Jonathan Kamens, last changed 2016-03-17 22:04 by steve.dower. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| issue26313.diff | baji, 2016-03-11 10:18 | review | ||
| Messages (6) | |||
|---|---|---|---|
| msg259880 - (view) | Author: Jonathan Kamens (Jonathan Kamens) | Date: 2016-02-08 20:09 | |
In ssl.py:
def _load_windows_store_certs(self, storename, purpose):
certs = bytearray()
for cert, encoding, trust in enum_certificates(storename):
# CA certs are never PKCS#7 encoded
if encoding == "x509_asn":
if trust is True or purpose.oid in trust:
certs.extend(cert)
self.load_verify_locations(cadata=certs)
return certs
The line right before the return statement will raise an exception if certs is empty.
It should be protected with "if certs:" as it is elsewhere in this file.
|
|||
| msg261552 - (view) | Author: Chih-Hsuan Yen (yan12125) * | Date: 2016-03-11 09:23 | |
The same issue is reported at https://github.com/rg3/youtube-dl/issues/8132, too. Empty Windows cert store is uncommon. The only case I found so far is on Wine. Steps to reproduce: 1. On Arch Linux x86_64, install mingw-w64-python2-bin from AUR 2. Run the following command: $ WINEDEBUG=fixme-all PYTHONPATH=/usr/x86_64-w64-mingw32/lib/python27 wine /usr/x86_64-w64-mingw32/bin/python2.exe -c 'import ssl; ssl.create_default_context()' Traceback (most recent call last): File "<string>", line 1, in <module> File "Z:\usr\x86_64-w64-mingw32\lib\python27\ssl.py", line 440, in create_default_context context.load_default_certs(purpose) File "Z:\usr\x86_64-w64-mingw32\lib\python27\ssl.py", line 391, in load_default_certs self._load_windows_store_certs(storename, purpose) File "Z:\usr\x86_64-w64-mingw32\lib\python27\ssl.py", line 383, in _load_windows_store_certs self.load_verify_locations(cadata=certs) ValueError: Empty certificate data |
|||
| msg261555 - (view) | Author: Baji (baji) * | Date: 2016-03-11 10:18 | |
Protected the certs with if statement |
|||
| msg261939 - (view) | Author: Roundup Robot (python-dev) | Date: 2016-03-17 22:03 | |
New changeset 8df52636b0dc by Steve Dower in branch '2.7': Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. https://hg.python.org/cpython/rev/8df52636b0dc |
|||
| msg261940 - (view) | Author: Roundup Robot (python-dev) | Date: 2016-03-17 22:03 | |
New changeset eb2c2671e7d6 by Steve Dower in branch '3.5': Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. https://hg.python.org/cpython/rev/eb2c2671e7d6 New changeset 97cd199944c3 by Steve Dower in branch 'default': Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. https://hg.python.org/cpython/rev/97cd199944c3 |
|||
| msg261941 - (view) | Author: Steve Dower (steve.dower) * | Date: 2016-03-17 22:04 | |
Thanks! Fixed for 3.6, 3.5 and 2.7. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2016-03-17 22:04:16 | steve.dower | set | status: open -> closed versions: + Python 3.5, Python 3.6 messages: + msg261941 resolution: fixed |
| 2016-03-17 22:03:43 | python-dev | set | messages: + msg261940 |
| 2016-03-17 22:03:43 | python-dev | set | nosy:
+ python-dev messages: + msg261939 |
| 2016-03-11 10:18:30 | baji | set | files:
+ issue26313.diff nosy:
+ baji keywords: + patch |
| 2016-03-11 09:23:29 | yan12125 | set | nosy:
+ yan12125 messages: + msg261552 |
| 2016-02-08 20:09:48 | Jonathan Kamens | create | |