Metadata-Version: 1.1
Name: wincertstore
Version: 0.2
Summary: Python module to extract CA and CRL certs from Windows' cert store (ctypes based).
Home-page: https://bitbucket.org/tiran/wincertstore
Author: Christian Heimes
Author-email: christian@python.org
License: PSFL
Download-URL: http://pypi.python.org/pypi/wincertstore
Description: ============
        wincertstore
        ============
        
        wincertstore provides an interface to access Windows' CA and CRL certificates.
        It uses ctypes and Windows's sytem cert store API through crypt32.dll.
        
        .. warning:: Security Fix
           
           wincertstore 0.1 used to return *all* certificates although some are *not*
           suitable to verify TLS/SSL server certificates. wincertstore 0.2 only
           returns certificates for *SERVER_AUTH* enhanced key usage by default.
        
        
        Example
        =======
        
        ::
        
            import wincertstore
            for storename in ("CA", "ROOT"):
                with wincertstore.CertSystemStore(storename) as store:
                    for cert in store.itercerts(usage=wincertstore.SERVER_AUTH):
                        print(cert.get_pem().decode("ascii"))
                        print(cert.get_name())
                        print(cert.enhanced_keyusage_names())
        
        ``SERVER_AUTH`` is the default enhanced key usage. In order to get all
        certificates for any usage, use ``None``. The module offers more OIDs like
        ``CLIENT_AUTH``, too.
        
        For Python versions without the with statement::
        
            for storename in ("CA", "ROOT"):
                store = wincertstore.CertSystemStore(storename)
                try:
                    for cert in store.itercerts():
                        print(cert.get_pem().decode("ascii")
                finally:
                    store.close()
        
        See `CertOpenSystemStore`_
        
        CertFile helper::
        
            import wincertstore
            import atexit
            import ssl
        
            certfile = wincertstore.CertFile()
            certfile.addstore("CA")
            certfile.addstore("ROOT")
            atexit.register(certfile.close) # cleanup and remove files on shutdown)
        
            ssl_sock = ssl.wrap_socket(sock,
                                       ca_certs=certfile.name,
                                       cert_reqs=ssl.CERT_REQUIRED)
        
        
        Requirements
        ============
        
        - Python 2.3 to 3.3
        
        - Windows XP, Windows Server 2003 or newer
        
        - ctypes 1.0.2 (Python 2.3 and 2.4)
          from http://sourceforge.net/projects/ctypes/
        
          
        License
        =======
        
        Copyright (c) 2013, 2014 by Christian Heimes <christian@python.org>
        
        Licensed to PSF under a Contributor Agreement.
        
        See http://www.python.org/psf/license for licensing details.
        
        
        Acknowledgements
        ================
        
        http://fixunix.com/openssl/254866-re-can-openssl-use-windows-certificate-store.html
        
        http://bugs.python.org/issue17134
        
        
        References
        ==========
        
        .. _CertOpenSystemStore: http://msdn.microsoft.com/en-us/library/windows/desktop/aa376560%28v=vs.85%29.aspx
        
        ﻿Changelog
        =========
        
        wincertstore 0.2
        ----------------
        
        *Release date: 26-Feb-2013*
        
        - By default CertSystemStore.itercerts() is now limited to return only
          certs that are suitable for SERVER_AUTH -- that is to validate a TLS/SSL's
          server cert from the perspective of a client.
        
        - Add CERT_CONTEXT.get_name() to get a human readable name of a certificate.
        
        - Add CERT_CONTEXT.enhanced_keyusage() to get enhanced key usage and trust
          settings from registry. The method returns either ``True`` or a frozenset
          of OIDs. True means that the certificate is valid for any purpose.
        
        - CERT_CONTEXT.enhanced_keyusage_names() maps OIDs to human readable names.
        
        - Add commin OIDs for enhanced key usages like SERVER_AUTH and CLIENT_AUTH.
        
        - Add support for universal wheels.
        
        - Add tox for testing Python 2.6 to 3.3. Python 2.4 and 2.5 are tested
          manually.
        
        - Use pypi.python.org:443 for TLS tests.
        
        
        wincertstore 0.1
        ----------------
        
        *Release date: 22-Mar-2013*
        
        - Initial release
        
Keywords: windows cert ssl ca crl
Platform: Windows
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Python Software Foundation License
Classifier: Natural Language :: English
Classifier: Operating System :: Microsoft :: Windows
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.3
Classifier: Programming Language :: Python :: 2.4
Classifier: Programming Language :: Python :: 2.5
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.1
Classifier: Programming Language :: Python :: 3.2
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
