Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #12727
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!news.glorb.com!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <python-python-list@m.gmane.org> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.013 |
| X-Spam-Evidence | '*H*': 0.97; '*S*': 0.00; 'subject:module': 0.04; 'https': 0.07; 'python': 0.08; 'obsolete': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:80.91.229.12': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:lo.gmane.org': 0.09; 'extensions': 0.15; '(ideally': 0.16; 'certificate.': 0.16; 'cookies': 0.16; 'phrasing': 0.16; 'subject:SSL': 0.16; 'wrote:': 0.16; '(but': 0.21; 'subject:information': 0.21; "doesn't": 0.22; 'header:In-Reply- To:1': 0.22; 'module,': 0.23; 'pm,': 0.24; 'server': 0.29; 'module.': 0.29; '(and': 0.29; 'module': 0.30; 'xmlrpc': 0.30; "can't": 0.33; 'there': 0.33; 'to:addr:python-list': 0.33; 'decide': 0.33; 'header:User-Agent:1': 0.34; 'ssl': 0.34; 'header:X-Complaints-To:1': 0.35; 'using': 0.37; 'but': 0.37; 'received:org': 0.38; 'allows': 0.38; 'accepted': 0.38; 'subject:: ': 0.39; 'client': 0.39; 'header:Mime-Version:1': 0.39; 'basic': 0.39; 'session': 0.39; 'data': 0.39; 'to:addr:python.org': 0.39; "it's": 0.40; 'your': 0.61; 'custom': 0.61; 'john': 0.62; 'alternative': 0.64; 'back,': 0.64; 'subject.': 0.64; 'information,': 0.65; 'safe': 0.69; 'serious': 0.78; '08:10': 0.84; 'cert.': 0.84; 'issuer': 0.84; 'john,': 0.84; 'phony': 0.84 |
| X-Injected-Via-Gmane | http://gmane.org/ |
| To | python-list@python.org |
| From | Gelonida N <gelonida@gmail.com> |
| Subject | Re: SSL module needs issuer information |
| Date | Sun, 04 Sep 2011 02:15:32 +0200 |
| References | <4e626d97$0$1665$742ec2ed@news.sonic.net> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=ISO-8859-1 |
| Content-Transfer-Encoding | 7bit |
| X-Gmane-NNTP-Posting-Host | unicorn.dungeon.de |
| User-Agent | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.20) Gecko/20110805 Lightning/1.0b2 "" |
| In-Reply-To | <4e626d97$0$1665$742ec2ed@news.sonic.net> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.12 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.750.1315095349.27778.python-list@python.org> (permalink) |
| Lines | 36 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1315095349 news.xs4all.nl 2399 [2001:888:2000:d::a6]:32770 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:12727 |
Show key headers only | View raw
Hi John, On 09/03/2011 08:10 PM, John Nagle wrote: > The SSL module still doesn't return much information from the > certificate. SSLSocket.getpeercert only returns a few basic items > about the certificate subject. You can't retrieve issuer information, > and you can't get the extensions needed to check if a cert is an EV cert. > > With the latest flaps about phony cert issuers, it's worth > having issuer info available. It was available in the old M2Crypto > module, but not in the current Python SSL module. Your phrasing 'old M2Crypto' disturbs me slightly. I am using Python 2.6. Is M2Crypto also obsolete for python 2.6? Is there any serious alternative if I want to verify the server certificate in a safe way (and if I want to send a client certificate)?? I am in search for a set of libraries, which allows me to: - verify the server certificate (ideally via a custom call back, which can inspect the certificate data and then decide whether the certificate shall be accepted or not) - send a client certificate - use https with a cookie jar (ideally even persistent, but session cookies are enough) - do XMLRPC calls (but send cookies in the headers) Would m2crypto be the right choice?
Back to comp.lang.python | Previous | Next — Previous in thread | Find similar | Unroll thread
SSL module needs issuer information John Nagle <nagle@animats.com> - 2011-09-03 11:10 -0700 Re: SSL module needs issuer information Terry Reedy <tjreedy@udel.edu> - 2011-09-03 15:23 -0400 Re: SSL module needs issuer information Gelonida N <gelonida@gmail.com> - 2011-09-04 02:15 +0200
csiph-web