On 2022-02-04, Kushal Kumaran <kus...@locationd.net> wrote:

>> It's a troubleshooting utility for displaying a client's certificate.
>>
>>> Which kinds of client certificates do you want to permit
>>
>> All of them. Anything that's parsable as an X509 certificate no matter
>> how "invalid" it is.
>>
>
> Does `openssl x509 -in <filename> -text -noout` do what you want?

Where does <filename> come from?

>> I just don't want it validated by the SSL layer: I want to print it
>> out. That seems to be trivial to do for server certificates using
>> "openssl s_client", but I can't find any way to do it for client
>> certificates.
>
> In your place, I would simply use the openssl x509 command.

How does the x509 command obtain the certificate from the client/server
handshake?

> If I wanted more/different info, I would write a script to load the
> certificate and print out the relevant info.

How does one "load the certificate" from the client?

> If this functionality must be provided by a server,
> I would write it so that a certificate could be POSTed to
> the server (without using client certificates),

The problem is in getting the certificate that is provided by the client
during the handshake with the server. Don't worry about how to
parse/print it -- I can deal with that.

> I don't know how to use the stdlib's ssl module to do this kind of
> parsing.

I'm not asking about parsing x509 certificates. That's not the
problem. The problem is _getting_ the client certificate that was
provided during the client/server handshake. That's trivial if the
handshake was successful. The problem is obtaining the client
certificate when the handshake fails. I was hoping there was a way to
disable client certificate validation so that the handshake will
succeed and then allow me to get the client certificate from the
connection object.

--
Grant
--
https://mail.python.org/mailman/listinfo/python-list
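
An added example, not part of the original thread and not a feature of the stdlib ssl module: one way to recover the client certificate even when validation rejects it is to keep a copy of the raw client-to-server bytes and read the Certificate handshake message out of them directly. It assumes the server requested a certificate, that the connection is TLS 1.2 or earlier (TLS 1.3 encrypts the Certificate message), and that the caller recorded the bytes itself; all function names and the sample data are made up for illustration.

```python
import struct
HANDSHAKE, CERTIFICATE = 22, 11  # TLS record type / handshake message type

def _u24(buf, off):
    return int.from_bytes(buf[off:off + 3], "big")

def handshake_bytes(stream):
    """Join handshake-record payloads up to the first non-handshake record."""
    out, off = bytearray(), 0
    while off + 5 <= len(stream):
        rtype, _version, length = struct.unpack_from("!BHH", stream, off)
        if rtype != HANDSHAKE or off + 5 + length > len(stream):
            break  # ChangeCipherSpec/alert reached, or capture is truncated
        out += stream[off + 5:off + 5 + length]
        off += 5 + length
    return bytes(out)

def split_chain(body):
    """Split a TLS <= 1.2 Certificate body into its DER entries."""
    certs, off, end = [], 3, min(len(body), 3 + _u24(body, 0))
    while off + 3 <= end and off + 3 + _u24(body, off) <= end:
        clen = _u24(body, off)
        certs.append(body[off + 3:off + 3 + clen])
        off += 3 + clen
    return certs

def client_certificates(stream):
    """DER certificates from the first complete Certificate message, else []."""
    hs, off = handshake_bytes(stream), 0
    while off + 4 <= len(hs):
        mtype, mlen = hs[off], _u24(hs, off + 1)
        if off + 4 + mlen > len(hs):
            break  # message not fully captured
        if mtype == CERTIFICATE:
            return split_chain(hs[off + 4:off + 4 + mlen])
        off += 4 + mlen
    return []

def _record(payload, rtype=HANDSHAKE):
    return struct.pack("!BHH", rtype, 0x0303, len(payload)) + payload

def _msg(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed sample (placeholder DER, not real certs): ClientHello stub, split Certificate, CCS.
FAKE_DER = [b"\x30\x03\x02\x01\x01", b"\x30\x03\x02\x01\x02"]
_chain = b"".join(len(c).to_bytes(3, "big") + c for c in FAKE_DER)
_cert = _msg(CERTIFICATE, len(_chain).to_bytes(3, "big") + _chain)
SAMPLE = _record(_msg(1, bytes(8))) + _record(_cert[:7]) + _record(_cert[7:]) + _record(b"\x01", 20)
```

Each returned item is DER; `ssl.DER_cert_to_PEM_cert()` turns it into PEM that `openssl x509 -text -noout` will print.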