Use Windows certificate store in Python sample

Python **truststore** issue: https://github.com/sethmlarson/truststore/issues/78

The [`WebClient.py`](https://github.com/forderud/WindowsClientAuth/blob/main/WebClientPy/WebClient.py) sample script currently relies on loading the client certificate (incl. private key) from a file instead of the Windows certificate store. This makes it incompatible with secure TPM-based storage of the private key.

## Resources
It seems like Python 3.10 includes improvements in this area that will hopefully enable direct usage of the Windows certificate store (see https://sethmlarson.dev/blog/experimental-python-3.10-apis-and-trust-stores).

Python SSL sources:
*  https://github.com/python/cpython/blob/main/Lib/ssl.py (`_load_windows_store_certs("My", ssl.Purpose.CLIENT_AUTH)` looks interesting but doesn't seem to help)
* Underlying `ssl_collect_certificates`: https://github.com/python/cpython/blob/main/Modules/_ssl.c#L5380

OpenSSL sources:
* OpenSSL CAPI back-end: https://github.com/openssl/openssl/blob/master/engines/e_capi.c#L1413 (seem to be undocumented)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Use Windows certificate store in Python sample #10

Resources

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Use Windows certificate store in Python sample #10

Description

Resources

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions