open the cert store readonly

Patch from Chi Hsuan Yen.

open the cert store readonly
Patch from Chi Hsuan Yen.
b2e3946d · Benjamin Peterson · 1c2a7b59 · b2e3946d · b2e3946d
Kaydet (Commit) b2e3946d authored Şub 18, 2016 tarafından Benjamin Peterson
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

NEWS Misc/NEWS +2 -0

_ssl.c Modules/_ssl.c +6 -2

No files found.
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -50,6 +50,8 @@ Core and Builtins
 Library
 -------

+- Issue #25939: On Windows open the cert store readonly in ssl.enum_certificates.
+
 - Issue #24303: Fix random EEXIST upon multiprocessing semaphores creation with
  Linux PID namespaces enabled.


--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3653,7 +3653,9 @@ PySSL_enum_certificates(PyObject *self, PyObject *args, PyObject *kwds)
    if (result == NULL) {
        return NULL;
    }
-    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, store_name);
+    hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, (HCRYPTPROV)NULL,
+                            CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_LOCAL_MACHINE,
+                            store_name);
    if (hStore == NULL) {
        Py_DECREF(result);
        return PyErr_SetFromWindowsErr(GetLastError());
@@ -3741,7 +3743,9 @@ PySSL_enum_crls(PyObject *self, PyObject *args, PyObject *kwds)
    if (result == NULL) {
        return NULL;
    }
-    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, store_name);
+    hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, (HCRYPTPROV)NULL,
+                            CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_LOCAL_MACHINE,
+                            store_name);
    if (hStore == NULL) {
        Py_DECREF(result);
        return PyErr_SetFromWindowsErr(GetLastError());