Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError

2 files changed, 12 insertions, 5 deletions

diff --git a/Lib/ssl.py b/Lib/ssl.py
index d778638..6070380 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -141,6 +141,7 @@ from socket import socket, AF_INET, SOCK_STREAM, create_connection
 from socket import SOL_SOCKET, SO_TYPE
 import base64        # for DER-to-PEM translation
 import errno
+import warnings
 
 if _ssl.HAS_TLS_UNIQUE:
     CHANNEL_BINDING_TYPES = ['tls-unique']
@@ -375,11 +376,14 @@ class SSLContext(_SSLContext):
 
     def _load_windows_store_certs(self, storename, purpose):
         certs = bytearray()
-        for cert, encoding, trust in enum_certificates(storename):
-            # CA certs are never PKCS#7 encoded
-            if encoding == "x509_asn":
-                if trust is True or purpose.oid in trust:
-                    certs.extend(cert)
+        try:
+            for cert, encoding, trust in enum_certificates(storename):
+                # CA certs are never PKCS#7 encoded
+                if encoding == "x509_asn":
+                    if trust is True or purpose.oid in trust:
+                        certs.extend(cert)
+        except OSError:
+            warnings.warn("unable to enumerate Windows certificate store")
         if certs:
             self.load_verify_locations(cadata=certs)
         return certs
diff --git a/Misc/NEWS b/Misc/NEWS
index cae9ff2..4d35268 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -83,6 +83,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #27114: Fix SSLContext._load_windows_store_certs fails with
+  PermissionError
+
 - Issue #14132: Fix urllib.request redirect handling when the target only has
   a query string.  Fix by Ján Janech.