Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #27141
| From | Dieter Maurer <dieter@handshake.de> |
|---|---|
| Subject | Re: SSLSocket.getpeercert() doesn't return issuer, serial number, etc |
| Date | 2012-08-16 07:24 +0200 |
| References | <CAGv_rMieX1hTzxuKXixC=2hm0es3VR-3tgNpGQTUgU42uk2+fw@mail.gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.3343.1345094704.4697.python-list@python.org> (permalink) |
Gustavo Baratto <gbaratto@gmail.com> writes: > SSL.Socket.getpeercert() doesn't return essential information present in the > client certificate (issuer, serial number, not before, etc), and it looks it > is by design: > > > > http://docs.python.org/library/ssl.html#ssl.SSLSocket.getpeercert > > http://hg.python.org/cpython/file/b878df1d23b1/Modules/_ssl.c#l866 > > > > By deliberately removing all that information, further > verification/manipulation of the cert becomes impossible. > > Revocation lists, OCSP, and any other extra layers of certificate checking > cannot be done properly without all the information in the cert being > available. I agree with you that the information should not be discarded. > Is there anyway around this? There should be at least a flag for folks that > need all the information in the certificate. You could use the parameter "binary_form=True". In this case, you get the DER-encoded certificate and can analyse it with (e.g.) "openssl".
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Re: SSLSocket.getpeercert() doesn't return issuer, serial number, etc Dieter Maurer <dieter@handshake.de> - 2012-08-16 07:24 +0200
csiph-web