author | pukkandan <pukkandan.ytdlp@gmail.com> | 2022-06-23 07:56:29 +0530 |
---|---|---|
committer | pukkandan <pukkandan.ytdlp@gmail.com> | 2022-07-07 11:29:49 +0530 |
commit | 168bbc4f3895f007af2341ed6b419908bf206e0a (patch) | |
tree | e8c977eb3098a392d7eeca30ad2f0c87694895ec /yt_dlp/utils.py | |
parent | a3976e07600247786b23df1ec9f93695b6d899ae (diff) | |
Do not load system certificates when `certifi` is used
This causes `CERTIFICATE_VERIFY_FAILED` if there is an
expired/bad certificate in the system store
Partially reverts 8a82af3511b4379af0d239dbd01c672c17a2c46a
Related: #4145
Diffstat (limited to 'yt_dlp/utils.py')
-rw-r--r-- | yt_dlp/utils.py | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/yt_dlp/utils.py b/yt_dlp/utils.py
index 67efb88c6..c2e766ce4 100644
--- a/yt_dlp/utils.py
+++ b/yt_dlp/utils.py
@@ -950,17 +950,18 @@ def make_HTTPS_handler(params, **kwargs):
 if opts_check_certificate:
 if has_certifi and 'no-certifi' not in params.get('compat_opts', []):
 context.load_verify_locations(cafile=certifi.where())
- try:
- context.load_default_certs()
- # Work around the issue in load_default_certs when there are bad certificates. See:
- # https://github.com/yt-dlp/yt-dlp/issues/1060,
- # https://bugs.python.org/issue35665, https://bugs.python.org/issue45312
- except ssl.SSLError:
- # enum_certificates is not present in mingw python. See https://github.com/yt-dlp/yt-dlp/issues/1151
- if sys.platform == 'win32' and hasattr(ssl, 'enum_certificates'):
- for storename in ('CA', 'ROOT'):
- _ssl_load_windows_store_certs(context, storename)
- context.set_default_verify_paths()
+ else:
+ try:
+ context.load_default_certs()
+ # Work around the issue in load_default_certs when there are bad certificates. See:
+ # https://github.com/yt-dlp/yt-dlp/issues/1060,
+ # https://bugs.python.org/issue35665, https://bugs.python.org/issue45312
+ except ssl.SSLError:
+ # enum_certificates is not present in mingw python. See https://github.com/yt-dlp/yt-dlp/issues/1151
+ if sys.platform == 'win32' and hasattr(ssl, 'enum_certificates'):
+ for storename in ('CA', 'ROOT'):
+ _ssl_load_windows_store_certs(context, storename)
+ context.set_default_verify_paths()
 client_certfile = params.get('client_certificate')
 if client_certfile: |
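Review bot: With the new `else:`, the `if has_certifi and 'no-certifi' not in params.get('compat_opts', [])` branch makes certifi's bundle the only set of trust anchors, and nothing in the code says so. CAs that exist only in the OS store (an enterprise or TLS-inspection root, for example) will now fail verification, and the set of trusted roots follows the installed certifi version rather than OS updates. I would add a comment above that branch such as `# certifi's bundle is the sole trust source here; system/enterprise CAs are not loaded unless compat option 'no-certifi' is set`, so that someone debugging `CERTIFICATE_VERIFY_FAILED` is pointed at that option rather than at turning certificate checking off. The body of make_HTTPS_handler starts and ends outside the hunk.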