Re: SSL module needs issuer information

Path	csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder1.enfer-du-nord.net!newsfeed.eweka.nl!eweka.nl!feeder3.eweka.nl!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path	<python-python-list@m.gmane.org>
X-Original-To	python-list@python.org
Delivered-To	python-list@mail.python.org
X-Spam-Status	OK 0.001
X-Spam-Evidence	'H': 1.00; 'S': 0.00; 'subject:module': 0.04; 'received:verizon.net': 0.07; 'terry': 0.07; 'python': 0.08; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:80.91.229.12': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:lo.gmane.org': 0.09; 'tracker': 0.09; 'extensions': 0.15; 'already.': 0.16; 'certificate.': 0.16; 'reedy': 0.16; 'subject:SSL': 0.16; 'wrote:': 0.16; 'jan': 0.19; 'subject:information': 0.21; "doesn't": 0.22; 'header:In-Reply- To:1': 0.22; 'module,': 0.23; 'pm,': 0.24; 'module.': 0.29; 'module': 0.30; "can't": 0.33; 'there': 0.33; 'to:addr:python- list': 0.33; 'header:User-Agent:1': 0.34; 'ssl': 0.34; 'header:X -Complaints-To:1': 0.35; 'issue': 0.36; 'but': 0.37; 'open': 0.37; 'not,': 0.38; 'received:org': 0.38; 'subject:: ': 0.39; 'header :Mime-Version:1': 0.39; 'basic': 0.39; 'to:addr:python.org': 0.39; "it's": 0.40; 'john': 0.62; 'subject.': 0.64; 'information,': 0.65; 'cert.': 0.84; 'issuer': 0.84; 'phony': 0.84
X-Injected-Via-Gmane	http://gmane.org/
To	python-list@python.org
From	Terry Reedy <tjreedy@udel.edu>
Subject	Re: SSL module needs issuer information
Date	Sat, 03 Sep 2011 15:23:13 -0400
References	<4e626d97$0$1665$742ec2ed@news.sonic.net>
Mime-Version	1.0
Content-Type	text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding	7bit
X-Gmane-NNTP-Posting-Host	pool-74-109-121-73.phlapa.fios.verizon.net
User-Agent	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20110812 Thunderbird/6.0
In-Reply-To	<4e626d97$0$1665$742ec2ed@news.sonic.net>
X-BeenThere	python-list@python.org
X-Mailman-Version	2.1.12
Precedence	list
List-Id	General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe	<http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive	<http://mail.python.org/pipermail/python-list>
List-Post	<mailto:python-list@python.org>
List-Help	<mailto:python-list-request@python.org?subject=help>
List-Subscribe	<http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups	comp.lang.python
Message-ID	<mailman.748.1315077908.27778.python-list@python.org> (permalink)
Lines	16
NNTP-Posting-Host	2001:888:2000:d::a6
X-Trace	1315077908 news.xs4all.nl 2495 [2001:888:2000:d::a6]:50964
X-Complaints-To	abuse@xs4all.nl
Xref	x330-a1.tempe.blueboxinc.net comp.lang.python:12719

Show key headers only | View raw

On 9/3/2011 2:10 PM, John Nagle wrote:
> The SSL module still doesn't return much information from the
> certificate. SSLSocket.getpeercert only returns a few basic items
> about the certificate subject. You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
>
> With the latest flaps about phony cert issuers, it's worth
> having issuer info available. It was available in the old M2Crypto
> module, but not in the current Python SSL module.

Check the tracker to see if there is an issue about this already. If 
not, open one with a specific feature request.

-- 
Terry Jan Reedy

Thread

SSL module needs issuer information John Nagle <nagle@animats.com> - 2011-09-03 11:10 -0700
  Re: SSL module needs issuer information Terry Reedy <tjreedy@udel.edu> - 2011-09-03 15:23 -0400
  Re: SSL module needs issuer information Gelonida N <gelonida@gmail.com> - 2011-09-04 02:15 +0200

csiph-web