[openlp-dev] Windows and SSL

Chris Hill chris at minkus.me.uk
Sat Feb 18 05:28:37 EST 2017

I would be wary of the proposed solution to 2 – I suspect it will do different things depending on which web browser is set as default (recipe for weird bugs when people have Chrome / IE / Edge / FireFox / Opera / Lynx as their default browser).


Is there any documentation regarding the issues with Python and SSL?


If we need a call to trigger the certificate download before we do it ‘for real’, can we use WinInet or WinHTTP instead? (if necessary a small native Windows app that performs the call for us?)


*lightbulb moment* Can we perform the call inside the OpenLP installer?


Just some thoughts.



'Therefore, if anyone is in Christ, he is a new creation;

the old has gone, the new has come!' - 2 Corinthians 5v17

 <mailto:chris at minkus.me.uk> chris at minkus.me.uk




From: openlp-dev [mailto:openlp-dev-bounces at openlp.io] On Behalf Of Tim and Alison Bentley
Sent: 18 February 2017 07:21
To: OpenLP Developers <openlp-dev at openlp.io>
Subject: Re: [openlp-dev] Windows and SSL


My 2 Rand!


1) will be an endless set of changes trying to keep track of the root certificates and my give us different problems 


2) it OpenLP has not run on a machine on windows issue a command to get the certificates. As you say it can be done in the background but could be done as a step in the FTW so it is obvious what is being done.


process = subprocess.Popen("explore.exe https://get.openlp.io",


On 18 February 2017 at 04:19, Raoul Snyman <raoul at snyman.info <mailto:raoul at snyman.info> > wrote:

Hello everyone,

As some of you might know, we're having SSL issues on Windows. This is because Windows does not ship with all the root certificates and downloads them on the fly. Our current advice to people is to go to https://get.openlp.org/ in Internet Explorer or Edge and then try the First Time Wizard again (same applies to SongSelect).

However, this is really tedious because we have to tell each and every person who visits the forums or IRC or e-mails the support system about it. There must be a better way. Sadly, Microsoft is not going to do anything about this, and unless Python changes the way they do things on Windows, we're probably going to be stuck with the problem.

I see only 2 real options here.

1. Bundle all the root certs with OpenLP on Windows. We can tell Python where to find them.

2. When we want to access an https page, do some sort of pre-flight calling some internal Windows function to get the certs for us.

Does anyone else have any ideas for how to solve this?

In the mean time I'm going to write up a blog post and put a sticky post in the forums about this.

Raoul Snyman
+1 (520) 490-9743 <tel:%2B1%20%28520%29%20490-9743> 
raoul at snyman.info <mailto:raoul at snyman.info> 
openlp-dev mailing list
openlp-dev at openlp.io <mailto:openlp-dev at openlp.io> 



Tim and Alison Bentley
Home at TRARBentley.net <mailto:Home at TRARBentley.net> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openlp.io/pipermail/openlp-dev/attachments/20170218/c6b7467a/attachment-0001.html>

More information about the openlp-dev mailing list