[issue18369] X509 cert class for ssl module

Fri, 12 Jan 2018 01:42:06 -0800 

Christian Heimes <[email protected]> added the comment:

More examples:

>>> import ssl, socket, pprint
>>> ctx = ssl.create_default_context()
>>> sock = ctx.wrap_socket(socket.socket(), server_hostname="www.python.org")
>>> sock.connect(("www.python.org", 443))
>>> pprint.pprint(sock._sslobj._sslobj.verified_chain())
(<_ssl.Certificate '/businessCategory=Private 
Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/street=16
 Allen Rd/postalCode=03894-4801/C=US/ST=New Hampshire/L=Wolfeboro/O=Python 
Software Foundation/CN=www.python.org'>,
 <_ssl.Certificate '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 
Extended Validation Server CA'>,
 <_ssl.Certificate '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High 
Assurance EV Root CA'>)

>>> eecert = sock._sslobj._sslobj.verified_chain()[0]
>>> eecert.check_hostname('www.python.org')
'www.python.org'
>>> eecert.check_hostname('www.python.com')
False

>>> cert = ssl.Certificate.from_file('wildcards-combined.rsa.pem')
>>> pprint.pprint(cert.get_info())
{'OCSP': ('http://testca.pythontest.net/ca/ocsp/pysubca',),
 'caIssuers': ('http://testca.pythontest.net/ca/pysubca.cer',),
 'crlDistributionPoints': ('http://testca.pythontest.net/ca/pysubca.crl',),
 'issuer': ((('countryName', 'XZ'),),
            (('stateOrProvinceName', 'Holy Grail'),),
            (('organizationName', 'Castle Anthrax'),),
            (('organizationalUnitName', 'Python Software Foundation'),),
            (('commonName', 'Python Tests Intermediate CA'),)),
 'notAfter': 'Jan  1 12:00:00 2027 GMT',
 'notBefore': 'Jan  1 12:00:00 2017 GMT',
 'serialNumber': '0A',
 'subject': ((('countryName', 'XZ'),),
             (('stateOrProvinceName', 'Holy Grail'),),
             (('organizationName', 'Castle Anthrax'),),
             (('organizationalUnitName', 'Python Software Foundation'),),
             (('commonName', 'Wildcards in SAN'),)),
 'subjectAltName': (('DNS', '*.wildcard.pythontest.net'),
                    ('DNS', 'www*.wildcard-www.pythontest.net'),
                    ('DNS', 'x*.wildcard-x.pythontest.net')),
 'version': 3}
>>> cert.check_hostname('www.wildcard.pythontest.net')
'*.wildcard.pythontest.net'

----------

_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue18369>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to