gh-137560: Speed up ssl.create_default_context() on Windows

Try to load all certificates at once. This speeds up the process
if all certificates in the Windows certificate store are valid.
But slows down it if there are invalid ones.

Author: serhiy-storchaka

Lib/ssl.py

@@ -513,17 +513,29 @@ def set_alpn_protocols(self, alpn_protocols):
         self._set_alpn_protocols(protos)
 
     def _load_windows_store_certs(self, storename, purpose):
+        certs = []
         try:
             for cert, encoding, trust in enum_certificates(storename):
                 # CA certs are never PKCS#7 encoded
                 if encoding == "x509_asn":
                     if trust is True or purpose.oid in trust:
-                        try:
-                            self.load_verify_locations(cadata=cert)
-                        except SSLError as exc:
-                            warnings.warn(f"Bad certificate in Windows certificate store: {exc!s}")
+                        certs.append(cert)
         except PermissionError:
             warnings.warn("unable to enumerate Windows certificate store")
+        if certs:
+            # Try to load all certificates at once, for performance.
+            try:
+                self.load_verify_locations(cadata=b''.join(cert))
+                return
+            except SSLError:
+                pass
+            # There are invalid certificates.
+            # Load them one by one and ignore the bad ones.
+            for cert in certs:
+                try:
+                    self.load_verify_locations(cadata=cert)
+                except SSLError as exc:
+                    warnings.warn(f"Bad certificate in Windows certificate store: {exc!s}")
 
     def load_default_certs(self, purpose=Purpose.SERVER_AUTH):
         if not isinstance(purpose, _ASN1Object):

Misc/NEWS.d/next/Library/2025-08-09-22-43-33.gh-issue-137560.JFUI4F.rst

@@ -0,0 +1,2 @@
+Speed up :func:`ssl.create_default_context` on Windows if all certificates
+in the Windows certificate store are valid.