Open forderud opened 2 years ago
Python truststore issue: https://github.com/sethmlarson/truststore/issues/78
The WebClient.py sample script currently relies on loading the client certificate (incl. private key) from a file instead of the Windows certificate store. This makes it incompatible with secure TPM-based storage of the private key.
Resources
It seems like Python 3.10 includes improvements in this area that will hopefully enable direct usage of the Windows certificate store (see https://sethmlarson.dev/blog/experimental-python-3.10-apis-and-trust-stores).
Python SSL sources:
_load_windows_store_certs("My", ssl.Purpose.CLIENT_AUTH) (looks interesting but doesn't seem to help)
ssl_collect_certificates: https://github.com/python/cpython/blob/main/Modules/_ssl.c#L5380
OpenSSL sources: