open the cert store readonly
authorBenjamin Peterson <benjamin@python.org>
Thu, 18 Feb 2016 06:13:19 +0000 (22:13 -0800)
committerBenjamin Peterson <benjamin@python.org>
Thu, 18 Feb 2016 06:13:19 +0000 (22:13 -0800)
Patch from Chi Hsuan Yen.

Misc/NEWS
Modules/_ssl.c

index b54809068c58eed47a2824ad9a397ee7375d31f7..7635529e90b790d1b3cd90ed1270af8ef95219d1 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -50,6 +50,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #25939: On Windows open the cert store readonly in ssl.enum_certificates.
+
 - Issue #24303: Fix random EEXIST upon multiprocessing semaphores creation with
   Linux PID namespaces enabled.
 
index 9116d9f7fb782cdf1e26d0dbc8192ebe840fa9c2..8f34f955cf083f62cc4c1e10ce614be88cdb4043 100644 (file)
@@ -3653,7 +3653,9 @@ PySSL_enum_certificates(PyObject *self, PyObject *args, PyObject *kwds)
     if (result == NULL) {
         return NULL;
     }
-    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, store_name);
+    hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, (HCRYPTPROV)NULL,
+                            CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_LOCAL_MACHINE,
+                            store_name);
     if (hStore == NULL) {
         Py_DECREF(result);
         return PyErr_SetFromWindowsErr(GetLastError());
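Review bot: The new `CertOpenStore` call does more than add `CERT_STORE_READONLY_FLAG`: passing `CERT_SYSTEM_STORE_LOCAL_MACHINE` also moves the lookup from the current-user location that `CertOpenSystemStore` opens to the local-machine location, so certificates present only in the calling user's store would no longer be returned. Since this enumeration feeds trust decisions, the change of scope should be deliberate; to keep the previous scope while staying read-only the flags would be `CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER`, and otherwise the NEWS entry and the docs should state the chosen location. The same applies to the identical call in the PySSL_enum_crls hunk, which the NEWS entry does not mention. Both function bodies start and end outside their hunks, so how hStore is released is not visible here.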
@@ -3741,7 +3743,9 @@ PySSL_enum_crls(PyObject *self, PyObject *args, PyObject *kwds)
     if (result == NULL) {
         return NULL;
     }
-    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, store_name);
+    hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, (HCRYPTPROV)NULL,
+                            CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_LOCAL_MACHINE,
+                            store_name);
     if (hStore == NULL) {
         Py_DECREF(result);
         return PyErr_SetFromWindowsErr(GetLastError());