Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #12727

Re: SSL module needs issuer information

Show all headers | View raw

Hi John,

On 09/03/2011 08:10 PM, John Nagle wrote:
>   The SSL module still doesn't return much information from the
> certificate.  SSLSocket.getpeercert only returns a few basic items
> about the certificate subject.  You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
> 
>   With the latest flaps about phony cert issuers, it's worth
> having issuer info available.  It was available in the old M2Crypto
> module, but not in the current Python SSL module.

Your phrasing 'old M2Crypto' disturbs me slightly.

I am using Python 2.6. Is M2Crypto also obsolete for python 2.6?

Is there any serious alternative if I want to verify the server
certificate in a safe way (and if I want to send a client certificate)??


I am in search for a set of libraries, which allows me to:

- verify the server certificate (ideally via a custom call back, which
can inspect the certificate data and then decide whether the certificate
shall be accepted or not)
	
- send a client certificate

- use https with a cookie jar (ideally even persistent, but session
cookies are enough)

- do XMLRPC calls (but send cookies in the headers)

Would m2crypto be the right choice?

Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread

Thread

SSL module needs issuer information John Nagle <nagle@animats.com> - 2011-09-03 11:10 -0700
  Re: SSL module needs issuer information Terry Reedy <tjreedy@udel.edu> - 2011-09-03 15:23 -0400
  Re: SSL module needs issuer information Gelonida N <gelonida@gmail.com> - 2011-09-04 02:15 +0200

csiph-web