gh-79846: Make ssl.create_default_context()
ignore invalid certificates
#91740
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #79846, fixes #89475
Currently, when loading certificates from the Windows certificate store, error in any one certificate causes
ssl.create_default_context()
to crash. This causes issues in systems that have certificates that are not quite to-spec. A primary culprit for this is "MUPCA Root", which (despite being is technically invalid) is essential for citizens of SerbiaSee the conversations under the linked issues for more details
I believe it makes sense for
create_default_context
to ignore any invalid certificates in the system store. An existing comment in the related code seems to agree with me on this:cpython/Lib/ssl.py
Lines 772 to 774 in 8497514
This issue can be solved by loading each certificate one by one and ignoring any
SSLError
s. I had outlined the idea for this patch in the above-mentioned issue, but never recieved any reply on whether this is acceptable. Hopefully, this PR receives better attention