SSL module needs issuer information

John Nagle

The SSL module still doesn't return much information from the
certificate. SSLSocket.getpeercert only returns a few basic items
about the certificate subject. You can't retrieve issuer information,
and you can't get the extensions needed to check if a cert is an EV cert.

With the latest flaps about phony cert issuers, it's worth
having issuer info available. It was available in the old M2Crypto
module, but not in the current Python SSL module.

John Nagle
 
Terry Reedy

> The SSL module still doesn't return much information from the
> certificate. SSLSocket.getpeercert only returns a few basic items
> about the certificate subject. You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
>
> With the latest flaps about phony cert issuers, it's worth
> having issuer info available. It was available in the old M2Crypto
> module, but not in the current Python SSL module.

Check the tracker to see if there is an issue about this already. If
not, open one with a specific feature request.
 
Gelonida N

Hi John,

> The SSL module still doesn't return much information from the
> certificate. SSLSocket.getpeercert only returns a few basic items
> about the certificate subject. You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
>
> With the latest flaps about phony cert issuers, it's worth
> having issuer info available. It was available in the old M2Crypto
> module, but not in the current Python SSL module.

Your phrasing 'old M2Crypto' disturbs me slightly.

I am using Python 2.6. Is M2Crypto also obsolete for Python 2.6?

Is there any serious alternative if I want to verify the server
certificate in a safe way (and if I want to send a client certificate)??


I am in search of a set of libraries that allows me to:

- verify the server certificate (ideally via a custom callback, which
can inspect the certificate data and then decide whether the certificate
shall be accepted or not)

- send a client certificate

- use https with a cookie jar (ideally even persistent, but session
cookies are enough)

- do XMLRPC calls (but send cookies in the headers)

Would m2crypto be the right choice?
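
An added example, not part of the thread and not code from any of the posters: Python 3.2 and later include an `issuer` entry in the dictionary returned by `SSLSocket.getpeercert()`, so the issuer inspection asked about above can be written as a small policy check. The certificate dictionary, the allowlist and the names `flatten_name` and `issuer_allowed` are constructed for illustration.

```python
import ssl

# Constructed sample in the shape SSLSocket.getpeercert() returns on
# Python 3.2+ (all names and dates below are made up for illustration).
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust Issuing CA 1"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2034 GMT",
}


def flatten_name(rdns):
    """Flatten getpeercert()'s tuple-of-RDN-tuples into {attr: [values]}."""
    out = {}
    for rdn in rdns:
        for key, value in rdn:
            out.setdefault(key, []).append(value)
    return out


def issuer_allowed(cert, allowed_orgs, now):
    """Hypothetical policy hook: accept only certs from expected issuers.

    Returns (ok, reason). `now` is seconds since the epoch.
    """
    # getpeercert() returns an empty dict when the certificate was not
    # validated (verify_mode CERT_NONE), so the issuer field is only
    # meaningful after chain validation has succeeded.
    if not cert:
        return False, "no verified certificate (empty dict)"
    issuer = flatten_name(cert.get("issuer", ()))
    orgs = issuer.get("organizationName", [])
    if not any(org in allowed_orgs for org in orgs):
        return False, "unexpected issuer: %r" % (orgs,)
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        return False, "outside validity period"
    return True, "issuer %s" % orgs[0]
```

On a live connection the dictionary would come from `getpeercert()` on a socket wrapped with certificate verification required, and the check would run before any application data is sent.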
 
