also use openssl envvars to find certs on windows (closes #22449)
Patch by Christian Heimes and Alex Gaynor.
diff --git a/Lib/ssl.py b/Lib/ssl.py
index d3c18ed..d9d1916 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -390,8 +390,7 @@
if sys.platform == "win32":
for storename in self._windows_cert_stores:
self._load_windows_store_certs(storename, purpose)
- else:
- self.set_default_verify_paths()
+ self.set_default_verify_paths()
def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index d1cf5b2..c2a4f0e 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1016,6 +1016,14 @@
self.assertRaises(TypeError, ctx.load_default_certs, None)
self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH')
+ def test_load_default_certs_env(self):
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ with support.EnvironmentVarGuard() as env:
+ env["SSL_CERT_DIR"] = CAPATH
+ env["SSL_CERT_FILE"] = CERTFILE
+ ctx.load_default_certs()
+ self.assertEqual(ctx.cert_store_stats(), {"crl": 0, "x509": 1, "x509_ca": 0})
+
def test_create_default_context(self):
ctx = ssl.create_default_context()
self.assertEqual(ctx.protocol, ssl.PROTOCOL_SSLv23)
diff --git a/Misc/NEWS b/Misc/NEWS
index 8602e8d..5934d5b 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -19,6 +19,9 @@
Library
-------
+- Issue #22449: In the ssl.SSLContext.load_default_certs, consult the
+ enviromental variables SSL_CERT_DIR and SSL_CERT_FILE on Windows.
+
- Issue #20076: Added non derived UTF-8 aliases to locale aliases table.
- Issue #20079: Added locales supported in glibc 2.18 to locale alias table.