Beta to master#19520
Merged
SaschaCowley merged 1 commit intomasterfrom Jan 27, 2026
Merged
Conversation
Fixes #19443 ### Summary of the issue: NVDA fails to check for updates on corporate networks which make use of HTTPS interception. ### Description of user facing changes: NVDA should again be able to check for updates on these networks. ### Description of developer facing changes: None ### Description of development approach: `winBindings.crypt32.CertCreateCertificateContext` expects its 2nd argument to be a byte pointer. Passing a Python `bytes` object directly to ctypes treats it as a char pointer to the address of the first byte in memory. Since this is memory compatible, cast the `bytes` to a byte pointer. ### Testing strategy: * [x] Commented out the block preventing `updateCheck` from being imported when running from source. Attempted to run `_updateWindowsRootCertificates` directly. * On an alpha, got the expected exception. * With this patch, no exception was raised. * [x] Set up [mitmproxy](https://www.mitmproxy.org/) to act as a stand-in for enterprise HTTPS interception, and checked for updates. Note that I did *not* install its CA, as doing so bypasses the call to `_updateWindowsRootCertificates`. * NVDA alpha-54296,aa95ea8e: Error as described in the issue, ultimately boiling down to a ctypes error. * NVDA 2025.3.2 and try-i19443-54246,566d6fea: I get the same `certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)` exception. Given this is the same between these two versions and update check seems to work correctly on networks using HTTPS interception in 2025.3.2, I think this is an issue with my setup. * [ ] User testing. ### Known issues with pull request: None known
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.