| Started by | John Nagle <nagle@animats.com> |
|---|---|
| First post | 2011-09-03 11:10 -0700 |
| Last post | 2011-09-04 02:15 +0200 |
| Articles | 3 — 3 participants |
SSL module needs issuer information John Nagle <nagle@animats.com> - 2011-09-03 11:10 -0700
Re: SSL module needs issuer information Terry Reedy <tjreedy@udel.edu> - 2011-09-03 15:23 -0400
Re: SSL module needs issuer information Gelonida N <gelonida@gmail.com> - 2011-09-04 02:15 +0200
| From | John Nagle <nagle@animats.com> |
|---|---|
| Date | 2011-09-03 11:10 -0700 |
| Subject | SSL module needs issuer information |
| Message-ID | <4e626d97$0$1665$742ec2ed@news.sonic.net> |
The SSL module still doesn't return much information from the
certificate. SSLSocket.getpeercert only returns a few basic items
about the certificate subject. You can't retrieve issuer information,
and you can't get the extensions needed to check if a cert is an EV cert.

With the latest flaps about phony cert issuers, it's worth
having issuer info available. It was available in the old M2Crypto
module, but not in the current Python SSL module.

John Nagle
| From | Terry Reedy <tjreedy@udel.edu> |
|---|---|
| Date | 2011-09-03 15:23 -0400 |
| Message-ID | <mailman.748.1315077908.27778.python-list@python.org> |
| In reply to | #12713 |
On 9/3/2011 2:10 PM, John Nagle wrote:
> The SSL module still doesn't return much information from the
> certificate. SSLSocket.getpeercert only returns a few basic items
> about the certificate subject. You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
>
> With the latest flaps about phony cert issuers, it's worth
> having issuer info available. It was available in the old M2Crypto
> module, but not in the current Python SSL module.

Check the tracker to see if there is an issue about this already. If
not, open one with a specific feature request.

--
Terry Jan Reedy
| From | Gelonida N <gelonida@gmail.com> |
|---|---|
| Date | 2011-09-04 02:15 +0200 |
| Message-ID | <mailman.750.1315095349.27778.python-list@python.org> |
| In reply to | #12713 |
Hi John,

On 09/03/2011 08:10 PM, John Nagle wrote:
> The SSL module still doesn't return much information from the
> certificate. SSLSocket.getpeercert only returns a few basic items
> about the certificate subject. You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
>
> With the latest flaps about phony cert issuers, it's worth
> having issuer info available. It was available in the old M2Crypto
> module, but not in the current Python SSL module.

Your phrasing 'old M2Crypto' disturbs me slightly. I am using Python
2.6. Is M2Crypto also obsolete for Python 2.6?

Is there any serious alternative if I want to verify the server
certificate in a safe way (and if I want to send a client certificate)?

I am in search of a set of libraries which allows me to:
- verify the server certificate (ideally via a custom callback, which
  can inspect the certificate data and then decide whether the
  certificate shall be accepted or not)
- send a client certificate
- use https with a cookie jar (ideally even persistent, but session
  cookies are enough)
- do XMLRPC calls (but send cookies in the headers)

Would m2crypto be the right choice?
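
As an added example (not part of any post in this thread): on Python 3.2 and later, `getpeercert()` on a verified connection also returns the `issuer` field, so the accept/reject check on certificate data asked about in the last post can be done with the standard `ssl` module. The helper names, the issuer allowlist and the sample certificate dict are constructed for illustration.

```python
import socket
import ssl

# Constructed sample in the shape SSLSocket.getpeercert() returns on
# Python 3.2+; every name and value here is made up for illustration.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "www.example.test"),)),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust Issuing CA 1"),)),
    "notAfter": "Jan  1 00:00:00 2031 GMT",
}


def rdn_values(name, field):
    """Collect every value of `field` from a getpeercert() name,
    which is a tuple of RDNs, each a tuple of (key, value) pairs."""
    return [value for rdn in name for key, value in rdn if key == field]


def issuer_allowed(cert, allowed_orgs):
    """Accept only certs whose issuer organizationName is allowlisted.
    An empty dict means no verified certificate, so it is rejected."""
    if not cert:
        return False
    orgs = rdn_values(cert.get("issuer", ()), "organizationName")
    return bool(orgs) and all(org in allowed_orgs for org in orgs)


def connect_checked(host, port, allowed_orgs, client_cert=None):
    """Open a TLS connection, then apply the issuer check on top of the
    chain and hostname verification done by the default context."""
    ctx = ssl.create_default_context()
    if client_cert:
        # (certfile, keyfile) pair for client authentication
        ctx.load_cert_chain(*client_cert)
    raw = socket.create_connection((host, port), timeout=10)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    if not issuer_allowed(sock.getpeercert(), allowed_orgs):
        sock.close()
        raise ssl.SSLError("certificate issuer is not in the allowlist")
    return sock
```

The issuer comparison is an extra restriction applied after the default context has validated the chain and hostname; it does not replace that validation.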