Workaround ssl errors in mingw python

Closes #1151

diff --git a/yt_dlp/utils.py b/yt_dlp/utils.py
index b79b796889c510e0f84f4435405af7337e241874..8b5b15103b2fe0c836d48ed571419dac904bd0a7 100644 (file)
--- a/yt_dlp/utils.py
+++ b/yt_dlp/utils.py
@@ -2373,13 +2373,20 @@ def make_HTTPS_handler(params, **kwargs):
     context.check_hostname = opts_check_certificate
     context.verify_mode = ssl.CERT_REQUIRED if opts_check_certificate else ssl.CERT_NONE
     if opts_check_certificate:
-        # Work around the issue in load_default_certs when there are bad certificates. See:
-        # https://github.com/yt-dlp/yt-dlp/issues/1060,
-        # https://bugs.python.org/issue35665, https://bugs.python.org/issue4531
-        if sys.platform == 'win32':
-            for storename in ('CA', 'ROOT'):
-                _ssl_load_windows_store_certs(context, storename)
-        context.set_default_verify_paths()
+        try:
+            context.load_default_certs()
+            # Work around the issue in load_default_certs when there are bad certificates. See:
+            # https://github.com/yt-dlp/yt-dlp/issues/1060,
+            # https://bugs.python.org/issue35665, https://bugs.python.org/issue45312
+        except ssl.SSLError:
+            # enum_certificates is not present in mingw python. See https://github.com/yt-dlp/yt-dlp/issues/1151
+            if sys.platform == 'win32' and hasattr(ssl, 'enum_certificates'):
+                # Create a new context to discard any certificates that were already loaded
+                context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+                context.check_hostname, context.verify_mode = True, ssl.CERT_REQUIRED
+                for storename in ('CA', 'ROOT'):
+                    _ssl_load_windows_store_certs(context, storename)
+            context.set_default_verify_paths()
     return YoutubeDLHTTPSHandler(params, context=context, **kwargs)