Workaround ssl errors in mingw python

Closes #1151
2024-11-04 12:07:12 +01:00 · 2021-10-05 08:32:05 +05:30 · 2021-10-05 08:32:05 +05:30 · 4e3d1898a8
commit 4e3d1898a8
parent f85e6be42e
1 changed files with 14 additions and 7 deletions
--- a/yt_dlp/utils.py
+++ b/yt_dlp/utils.py
@ -2373,13 +2373,20 @@ def make_HTTPS_handler(params, **kwargs):
    context.check_hostname = opts_check_certificate
    context.verify_mode = ssl.CERT_REQUIRED if opts_check_certificate else ssl.CERT_NONE
    if opts_check_certificate:
-        # Work around the issue in load_default_certs when there are bad certificates. See:
-        # https://github.com/yt-dlp/yt-dlp/issues/1060,
-        # https://bugs.python.org/issue35665, https://bugs.python.org/issue4531
-        if sys.platform == 'win32':
-            for storename in ('CA', 'ROOT'):
-                _ssl_load_windows_store_certs(context, storename)
-        context.set_default_verify_paths()
+        try:
+            context.load_default_certs()
+            # Work around the issue in load_default_certs when there are bad certificates. See:
+            # https://github.com/yt-dlp/yt-dlp/issues/1060,
+            # https://bugs.python.org/issue35665, https://bugs.python.org/issue45312
+        except ssl.SSLError:
+            # enum_certificates is not present in mingw python. See https://github.com/yt-dlp/yt-dlp/issues/1151
+            if sys.platform == 'win32' and hasattr(ssl, 'enum_certificates'):
+                # Create a new context to discard any certificates that were already loaded
+                context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                context.check_hostname, context.verify_mode = True, ssl.CERT_REQUIRED
+                for storename in ('CA', 'ROOT'):
+                    _ssl_load_windows_store_certs(context, storename)
+            context.set_default_verify_paths()
    return YoutubeDLHTTPSHandler(params, context=context, **kwargs)