Description
Bug report
Bug description:
ssl.py
```python
class SSLContext(_SSLContext):
    """An SSLContext holds various SSL-related configuration options and
    data, such as certificates and possibly a private key."""
    _windows_cert_stores = ("CA", "ROOT")
```
When a certificate is imported into the Windows "Intermediate Certification Authorities" store, most applications do not consider this a trusted CA and will fail to verify. Examples are the Chrome browser and .NET applications.
This can be tested using https://untrusted-root.badssl.com/ and downloading the public key and importing it into the "Intermediate Certification Authorities" store.
Cert = Windows CertMgr Name
Root = Trusted Root Certification Authorities
CA = Intermediate Certification Authorities
Given that other applications (Chrome, .NET) seem to not treat "CA" certificates as a trusted root, should Python load these by default?
Use Case:
Using a requests Adapter to load the Windows certificates rather than rely on Certifi.
https://requests.readthedocs.io/en/latest/user/advanced/#:~:text=10%27%2C%20%27rel%27%3A%20%27last%27%7D-,Transport%20Adapters%C2%B6,-As%20of%20v1.0.0
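```python
import ssl

import requests
from requests.adapters import HTTPAdapter


class WindowsSSLContextAdapter(HTTPAdapter):
    def __init__(self, url_prefix):
        self.url_prefix = url_prefix
        super().__init__()

    def init_poolmanager(self, *args, **kwargs):
        # loads CA and ROOT certificates on Windows
        context = ssl.create_default_context()
        kwargs['ssl_context'] = context
        return super().init_poolmanager(*args, **kwargs)


# Mount the HTTPAdapter on requests session
url_prefix = "https://"  # example prefix
session = requests.Session()
adapter = WindowsSSLContextAdapter(url_prefix)
session.mount(url_prefix, adapter)
```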
CPython versions tested on:
3.11
Operating systems tested on:
Windows
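For readers who want a client context that trusts only the "ROOT" store today, the sketch below builds one without calling `ssl.create_default_context()`. It is an added example, not code from this report or from CPython; `usable_anchors`, `windows_context` and `SAMPLE_ENTRIES` are hypothetical names, and the sample entries are constructed placeholders rather than real certificates.

```python
import ssl
import sys

SERVER_AUTH_OID = ssl.Purpose.SERVER_AUTH.oid  # "1.3.6.1.5.5.7.3.1"

# Constructed sample shaped like ssl.enum_certificates() output:
# (cert_bytes, encoding_type, trust). Bytes are placeholders, not real DER.
SAMPLE_ENTRIES = [
    (b"cert-a", "x509_asn", True),                    # trusted for all purposes
    (b"cert-b", "x509_asn", {"1.3.6.1.5.5.7.3.3"}),   # code signing only
    (b"bundle", "pkcs_7_asn", True),                  # PKCS#7 bundle, not one cert
    (b"cert-c", "x509_asn", {SERVER_AUTH_OID}),       # server authentication
]


def usable_anchors(entries, purpose_oid=SERVER_AUTH_OID):
    """Keep the DER certificates that are trusted for purpose_oid."""
    kept = []
    for der, encoding, trust in entries:
        if encoding != "x509_asn":
            continue
        # trust is True (all purposes) or a set of EKU OID strings
        if trust is True or purpose_oid in trust:
            kept.append(der)
    return kept


def windows_context(stores=("ROOT",)):
    """Client context that trusts only the named Windows system stores."""
    if sys.platform != "win32":
        raise OSError("ssl.enum_certificates() is only available on Windows")
    # Instantiate SSLContext directly: create_default_context() calls
    # load_default_certs(), which would also load the "CA" store.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    for store in stores:
        for der in usable_anchors(ssl.enum_certificates(store)):
            try:
                ctx.load_verify_locations(cadata=der)
            except ssl.SSLError:
                continue  # skip an entry OpenSSL cannot parse
    return ctx
```

The resulting context can be passed as `kwargs['ssl_context']` in the adapter above in place of the one returned by `ssl.create_default_context()`.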