Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #12727

Re: SSL module needs issuer information

Path csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!news.glorb.com!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path <python-python-list@m.gmane.org>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.013
X-Spam-Evidence '*H*': 0.97; '*S*': 0.00; 'subject:module': 0.04; 'https': 0.07; 'python': 0.08; 'obsolete': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:80.91.229.12': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:lo.gmane.org': 0.09; 'extensions': 0.15; '(ideally': 0.16; 'certificate.': 0.16; 'cookies': 0.16; 'phrasing': 0.16; 'subject:SSL': 0.16; 'wrote:': 0.16; '(but': 0.21; 'subject:information': 0.21; "doesn't": 0.22; 'header:In-Reply- To:1': 0.22; 'module,': 0.23; 'pm,': 0.24; 'server': 0.29; 'module.': 0.29; '(and': 0.29; 'module': 0.30; 'xmlrpc': 0.30; "can't": 0.33; 'there': 0.33; 'to:addr:python-list': 0.33; 'decide': 0.33; 'header:User-Agent:1': 0.34; 'ssl': 0.34; 'header:X-Complaints-To:1': 0.35; 'using': 0.37; 'but': 0.37; 'received:org': 0.38; 'allows': 0.38; 'accepted': 0.38; 'subject:: ': 0.39; 'client': 0.39; 'header:Mime-Version:1': 0.39; 'basic': 0.39; 'session': 0.39; 'data': 0.39; 'to:addr:python.org': 0.39; "it's": 0.40; 'your': 0.61; 'custom': 0.61; 'john': 0.62; 'alternative': 0.64; 'back,': 0.64; 'subject.': 0.64; 'information,': 0.65; 'safe': 0.69; 'serious': 0.78; '08:10': 0.84; 'cert.': 0.84; 'issuer': 0.84; 'john,': 0.84; 'phony': 0.84
X-Injected-Via-Gmane http://gmane.org/
To python-list@python.org
From Gelonida N <gelonida@gmail.com>
Subject Re: SSL module needs issuer information
Date Sun, 04 Sep 2011 02:15:32 +0200
References <4e626d97$0$1665$742ec2ed@news.sonic.net>
Mime-Version 1.0
Content-Type text/plain; charset=ISO-8859-1
Content-Transfer-Encoding 7bit
X-Gmane-NNTP-Posting-Host unicorn.dungeon.de
User-Agent Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.20) Gecko/20110805 Lightning/1.0b2 ""
In-Reply-To <4e626d97$0$1665$742ec2ed@news.sonic.net>
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.12
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.750.1315095349.27778.python-list@python.org> (permalink)
Lines 36
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1315095349 news.xs4all.nl 2399 [2001:888:2000:d::a6]:32770
X-Complaints-To abuse@xs4all.nl
Xref x330-a1.tempe.blueboxinc.net comp.lang.python:12727

Show key headers only | View raw


Hi John,

On 09/03/2011 08:10 PM, John Nagle wrote:
>   The SSL module still doesn't return much information from the
> certificate.  SSLSocket.getpeercert only returns a few basic items
> about the certificate subject.  You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
> 
>   With the latest flaps about phony cert issuers, it's worth
> having issuer info available.  It was available in the old M2Crypto
> module, but not in the current Python SSL module.

Your phrasing 'old M2Crypto' disturbs me slightly.

I am using Python 2.6. Is M2Crypto also obsolete for python 2.6?

Is there any serious alternative if I want to verify the server
certificate in a safe way (and if I want to send a client certificate)??


I am in search for a set of libraries, which allows me to:

- verify the server certificate (ideally via a custom call back, which
can inspect the certificate data and then decide whether the certificate
shall be accepted or not)
	
- send a client certificate

- use https with a cookie jar (ideally even persistent, but session
cookies are enough)

- do XMLRPC calls (but send cookies in the headers)

Would m2crypto be the right choice?

Back to comp.lang.python | Previous | NextPrevious in thread | Find similar | Unroll thread


Thread

SSL module needs issuer information John Nagle <nagle@animats.com> - 2011-09-03 11:10 -0700
  Re: SSL module needs issuer information Terry Reedy <tjreedy@udel.edu> - 2011-09-03 15:23 -0400
  Re: SSL module needs issuer information Gelonida N <gelonida@gmail.com> - 2011-09-04 02:15 +0200

csiph-web