from smtplib import SMTP_SSL
under Linux and it work flawlessly.
But under Windows10 I get
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
Extract's of my code
context = ssl.create_default_context()
context.minimum_version = ssl.TLSVersion.TLSv1_3
context.maximum_version = ssl.TLSVersion.TLSv1_3
with SMTP_SSL("SomeSMTPServer.com", port=465, context=context) as SMTPssl:
I’ve dig a little bit around and I’ve seen this
pip install --upgrade certifi
Seem great, but I don’t see how to initialize it in my project ?
import certifi seem not enough…
or when doing
pip install --upgrade certifi is it modifying directly the Python CA store ?
I think you do something like this:
context = ssl.create_default_context(cafile=certifi.where())
That will have the context use certifi’s pem file.
Can’t python user the windows trust store?
I recall reading about a pypi package that needed to be added to do that, but I do not recall the details.
I’ve found wincertstore
but it’s weird because we can read on their PyPi page
The package is deprecated. Since Python 2.7.9 ssl.create_default_context() automatically loads certificates from Windows’ cert store.
if it’s the case, I’m wondering why people under windows face this error…
it’s working , thanks !
But of course this solution only work if the target server certificate is signed by one of those CA…
and of course it’s only a temporary solution as CA have a validity date…
Maybe related to one of these issues?
Do you know which certificate is missing? A test tool like this should show the entire required chain under “Additional Certificates (if supplied)”.