Re: SSLSocket.getpeercert() doesn't return issuer, serial number, etc

Discussion in 'Python' started by Dieter Maurer, Aug 16, 2012.

  1. Gustavo Baratto <> writes:

    > SSL.Socket.getpeercert() doesn't return essential information present in the
    > client certificate (issuer, serial number, not before, etc), and it looks it
    > is by design:
    >
    >
    >
    > http://docs.python.org/library/ssl.html#ssl.SSLSocket.getpeercert
    >
    > http://hg.python.org/cpython/file/b878df1d23b1/Modules/_ssl.c#l866
    >
    >
    >
    > By deliberately removing all that information, further
    > verification/manipulation of the cert becomes impossible.
    >
    > Revocation lists, OCSP, and any other extra layers of certificate checking
    > cannot be done properly without all the information in the cert being
    > available.


    I agree with you that the information should not be discarded.

    > Is there anyway around this? There should be at least a flag for folks that
    > need all the information in the certificate.


    You could use the parameter "binary_form=True".
    In this case, you get the DER-encoded certificate and can analyse
    it with (e.g.) "openssl".
     
    Dieter Maurer, Aug 16, 2012
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. news
    Replies:
    1
    Views:
    1,157
    hzhao2
    Nov 20, 2003
  2. Elian Kool
    Replies:
    3
    Views:
    637
    Esmond Pitt
    Mar 11, 2005
  3. Kevin Walzer

    Re: PIL (etc etc etc) on OS X

    Kevin Walzer, Aug 1, 2008, in forum: Python
    Replies:
    4
    Views:
    456
    Fredrik Lundh
    Aug 13, 2008
  4. John Nagle

    SSL module needs issuer information

    John Nagle, Sep 3, 2011, in forum: Python
    Replies:
    2
    Views:
    189
    Gelonida N
    Sep 4, 2011
  5. Antoine Pitrou
    Replies:
    0
    Views:
    168
    Antoine Pitrou
    Aug 16, 2012
Loading...

Share This Page