Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError

diff --git a/Lib/ssl.py b/Lib/ssl.py
index d77863843adc57110169d9dbdb7226bc6cea9b79..60703808793345f08ad3f4b71b61a47bba837ce4 100644 (file)
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -141,6 +141,7 @@ from socket import socket, AF_INET, SOCK_STREAM, create_connection
 from socket import SOL_SOCKET, SO_TYPE
 import base64        # for DER-to-PEM translation
 import errno
+import warnings
 
 if _ssl.HAS_TLS_UNIQUE:
     CHANNEL_BINDING_TYPES = ['tls-unique']
@@ -375,11 +376,14 @@ class SSLContext(_SSLContext):
 
     def _load_windows_store_certs(self, storename, purpose):
         certs = bytearray()
-        for cert, encoding, trust in enum_certificates(storename):
-            # CA certs are never PKCS#7 encoded
-            if encoding == "x509_asn":
-                if trust is True or purpose.oid in trust:
-                    certs.extend(cert)
+        try:
+            for cert, encoding, trust in enum_certificates(storename):
+                # CA certs are never PKCS#7 encoded
+                if encoding == "x509_asn":
+                    if trust is True or purpose.oid in trust:
+                        certs.extend(cert)
+        except OSError:
+            warnings.warn("unable to enumerate Windows certificate store")
         if certs:
             self.load_verify_locations(cadata=certs)
         return certs

diff --git a/Misc/NEWS b/Misc/NEWS
index cae9ff2b464c0ae4d3f3fe29cd788893901a0695..4d35268516b2db5bd0b26eccd845238c608c5925 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -83,6 +83,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #27114: Fix SSLContext._load_windows_store_certs fails with
+  PermissionError
+
 - Issue #14132: Fix urllib.request redirect handling when the target only has
   a query string.  Fix by Ján Janech.