SSL follow up

Discussion in 'Python' started by Yogesh Chawla - PD, Oct 24, 2006.

  1. Hi Paul and John,
    Thanks for the SSL follow up messages.

    I have 2 questions. 1) How do we get the Server cert
    in python. John wrote: "Nor does there seem to be a
    way to get at the certificate itself from within
    Python." Perhaps pycurl will allow us to do this. Is
    there another method to get the server cert?

    2) I like the idea of calling openssl in a subprocess.
    Do you have any of those openssl commands handy? If
    not, I can look through the documentation tommorrow.

    Thanks!

    Yogesh
     
    Yogesh Chawla - PD, Oct 24, 2006
    #1
    1. Advertising

  2. Yogesh Chawla - PD

    Paul Rubin Guest

    Yogesh Chawla - PD <> writes:
    > 2) I like the idea of calling openssl in a subprocess.
    > Do you have any of those openssl commands handy? If
    > not, I can look through the documentation tommorrow.


    To dump out the certificate? Try:

    openssl x509 -text -in filename.crt

    if the cert is in a file. Omit that -in parameter if you want openssl
    to read from stdin. Of course now you get this other text format
    thing to parse, but it's not so bad.
     
    Paul Rubin, Oct 24, 2006
    #2
    1. Advertising

  3. Yogesh Chawla - PD wrote:
    > I have 2 questions. 1) How do we get the Server cert
    > in python. John wrote: "Nor does there seem to be a
    > way to get at the certificate itself from within
    > Python." Perhaps pycurl will allow us to do this. Is
    > there another method to get the server cert?


    Here's an example with M2Crypto:

    from M2Crypto import SSL

    ctx = SSL.Context()
    conn = SSL.Connection(ctx)
    conn.connect(('www.verisign.com', 443))
    cert = conn.get_peer_cert()

    > 2) I like the idea of calling openssl in a subprocess.
    > Do you have any of those openssl commands handy? If
    > not, I can look through the documentation tommorrow.


    I would be surprised if M2Crypto did not provide what you want. If it
    doesn't, I'd be happy to add the functionality.

    --
    Heikki Toivonen
     
    Heikki Toivonen, Oct 25, 2006
    #3
  4. Paul Rubin wrote:
    >
    > To dump out the certificate? Try:
    >
    > openssl x509 -text -in filename.crt
    >
    > if the cert is in a file. Omit that -in parameter if you want openssl
    > to read from stdin. Of course now you get this other text format
    > thing to parse, but it's not so bad.


    I wouldn't recommend that. Actually I tried one time. Use a decent
    module instead which parses certs for you. I wrote one myself for web2ldap.

    Ciao, Michael.
     
    =?ISO-8859-1?Q?Michael_Str=F6der?=, Oct 26, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. 620
    Replies:
    2
    Views:
    1,059
    Murat Tunaboylu
    Jan 6, 2004
  2. CW
    Replies:
    2
    Views:
    557
  3. Sean Wolfe
    Replies:
    1
    Views:
    2,313
    Joerg Jooss
    Apr 28, 2005
  4. emukang
    Replies:
    0
    Views:
    2,939
    emukang
    Dec 20, 2005
  5. Matti Kiviharju

    Problem with SSL (Newbie with SSL)

    Matti Kiviharju, Jan 14, 2005, in forum: HTML
    Replies:
    0
    Views:
    411
    Matti Kiviharju
    Jan 14, 2005
Loading...

Share This Page