You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It looks like the wincertstore module works to pull down the certs from the local certificate store in WIndows environments, and code similar to this would solve/enable SSL verification from locally installed certificates without additional user interaction via the module on the Certsrv definition via the cafile="whatever".
if you like it... include it.
Thanks for your time on this module!
import sys # for platform determination
def _get_ca_bundle():
"""Tries to find the platform ca bundle for the system (on linux systems)"""
ca_bundles = [
# list taken from https://golang.org/src/crypto/x509/root_linux.go
"/etc/ssl/certs/ca-certificates.crt", # Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt", # Fedora/RHEL 6
"/etc/ssl/ca-bundle.pem", # OpenSUSE
"/etc/pki/tls/cacert.pem", # OpenELEC
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # CentOS/RHEL 7
]
if sys.platform == "win32":
# these would need to be installed and or added as a dependency to this module (for windows clients)
import wincertstore
import atexit
certfile = wincertstore.CertFile()
certfile.addstore("CA")
certfile.addstore("ROOT")
atexit.register(certfile.close) # cleanup and remove files on shutdown)
ca_bundles = [certfile.name]
for ca_bundle in ca_bundles:
if os.path.isfile(ca_bundle):
return ca_bundle
# if the bundle was not found, we revert back to requests own
return True
I've been recently working a bit more with the certsrv module and pulling/creating certs, and adding them to the local windows certificate store for various projects and thought this would make a great improvement.
HTH
The text was updated successfully, but these errors were encountered:
It looks like the wincertstore module works to pull down the certs from the local certificate store in WIndows environments, and code similar to this would solve/enable SSL verification from locally installed certificates without additional user interaction via the module on the Certsrv definition via the cafile="whatever".
if you like it... include it.
Thanks for your time on this module!
I've been recently working a bit more with the certsrv module and pulling/creating certs, and adding them to the local windows certificate store for various projects and thought this would make a great improvement.
HTH
The text was updated successfully, but these errors were encountered: