joernheissler added the comment: Hi, I'd like to see this feature too.
My use case is a monitoring script to check the life time of the server certificate, including the chain. I would prefer to have a wrapper around SSL_get_peer_cert_chain. I understand that this is *not* a verified chain. That's okay. openssl-1.1 added a new function SSL_get0_verified_chain which may be safer for most applications. Is there any real difference to X509_STORE_CTX_get1_chain? If you're worried about people misusing these functions, add a warning in the docs and point them to "get_peer_verified_chain"? ---------- nosy: +joernheissler _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue18233> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com