SSL follow up

Yogesh Chawla - PD

Hi Paul and John,
Thanks for the SSL follow up messages.

I have 2 questions. 1) How do we get the Server cert
in python? John wrote: "Nor does there seem to be a
way to get at the certificate itself from within
Python." Perhaps pycurl will allow us to do this. Is
there another method to get the server cert?

2) I like the idea of calling openssl in a subprocess.
Do you have any of those openssl commands handy? If
not, I can look through the documentation tomorrow.

Thanks!

Yogesh
 
Paul Rubin

Yogesh Chawla - PD said:
2) I like the idea of calling openssl in a subprocess.
Do you have any of those openssl commands handy? If
not, I can look through the documentation tomorrow.

To dump out the certificate? Try:

openssl x509 -text -in filename.crt

if the cert is in a file. Omit that -in parameter if you want openssl
to read from stdin. Of course now you get this other text format
thing to parse, but it's not so bad.
 
Heikki Toivonen

Yogesh said:
I have 2 questions. 1) How do we get the Server cert
in python? John wrote: "Nor does there seem to be a
way to get at the certificate itself from within
Python." Perhaps pycurl will allow us to do this. Is
there another method to get the server cert?

Here's an example with M2Crypto:

from M2Crypto import SSL

ctx = SSL.Context()
conn = SSL.Connection(ctx)
conn.connect(('www.verisign.com', 443))
cert = conn.get_peer_cert()

Yogesh said:
2) I like the idea of calling openssl in a subprocess.
Do you have any of those openssl commands handy? If
not, I can look through the documentation tomorrow.

I would be surprised if M2Crypto did not provide what you want. If it
doesn't, I'd be happy to add the functionality.
 
Michael Ströder

Paul said:
To dump out the certificate? Try:

openssl x509 -text -in filename.crt

if the cert is in a file. Omit that -in parameter if you want openssl
to read from stdin. Of course now you get this other text format
thing to parse, but it's not so bad.

I wouldn't recommend that. Actually I tried one time. Use a decent
module instead which parses certs for you. I wrote one myself for web2ldap.

Ciao, Michael.
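
An added example, not part of any post in this thread, of the subprocess approach discussed above using today's Python standard library: it pipes a PEM certificate to `openssl x509` on stdin and asks for individual fields instead of parsing the `-text` dump, then cross-checks the fingerprint in Python. The function names, the `example.test` certificate and the chosen fields are assumptions for illustration; the `openssl` binary must be on PATH.

```python
import hashlib
import ssl
import subprocess
import tempfile
from pathlib import Path


def fetch_server_pem(host, port=443):
    """Leaf certificate of host:port as PEM. Retrieval only: nothing is validated."""
    return ssl.get_server_certificate((host, port))


def make_constructed_cert(common_name="example.test"):
    """Throwaway self-signed cert (constructed sample) so the example runs offline."""
    with tempfile.TemporaryDirectory() as tmp:
        crt = Path(tmp) / "sample.crt"
        subprocess.run(
            ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
             "-keyout", str(Path(tmp) / "sample.key"), "-out", str(crt),
             "-subj", f"/CN={common_name}", "-days", "1"],
            check=True, capture_output=True)
        return crt.read_text()


def inspect_pem(pem):
    """Feed a PEM cert to `openssl x509` on stdin (no -in) and return chosen fields.

    -noout with per-field options yields one `name=value` line per field,
    which is far easier to handle than the free-form -text dump.
    """
    out = subprocess.run(
        ["openssl", "x509", "-noout", "-subject", "-enddate",
         "-fingerprint", "-sha256"],
        input=pem, text=True, check=True, capture_output=True).stdout
    fields = {}
    for line in out.splitlines():
        key, _, value = line.partition("=")
        fields[key.strip().lower()] = value.strip()
    return fields


def sha256_fingerprint(pem):
    """The same fingerprint computed in Python from the DER bytes, without openssl."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()


if __name__ == "__main__":
    pem = make_constructed_cert()  # or fetch_server_pem("host.example") online
    print(inspect_pem(pem), sha256_fingerprint(pem))
```

`fetch_server_pem` performs no chain or hostname verification, so treat its result as untrusted input until the fingerprint or chain has been checked some other way.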
 
