Re: SSLSocket.getpeercert() doesn't return issuer, serial number, etc

2012-08-17 Thread Gustavo Baratto
Awesome guys! Thank you very much!

I ended up using "binary_form=True" and using M2Crypto to parse the cert.

Cheers,
g.

On Thu, Aug 16, 2012 at 4:48 AM, Antoine Pitrou wrote:

>
> Hello,
>
> Gustavo Baratto writes:
> >
> > SSL.Socket.getpeercert() doesn't return essential information present in the
> > client certificate (issuer, serial number, not before, etc), and it looks like
> > it is by design:
>
> It does, in Python 3.2:
> http://docs.python.org/py3k/library/ssl.html#client-side-operation
>
> (although the getpeercert() doc should be updated to reflect this)
>
> If some information is still lacking from the returned value, please open an
> issue at http://bugs.python.org
>
> Regards
>
> Antoine.
>
>
> --
> Software development and contracting: http://pro.pitrou.net
-- 
http://mail.python.org/mailman/listinfo/python-list
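
Added example, not part of the thread: the message above takes the raw certificate from getpeercert(binary_form=True) and parses it with M2Crypto; the sketch below swaps in a small hand-written DER walk so it runs with only the standard library, and pulls out the serial number, issuer and validity dates that the thread is about. SAMPLE is a constructed, unsigned certificate-shaped byte string, and the names tlv, children, name and cert_fields are hypothetical helpers.

```python
# Added example, not from the thread: stdlib-only walk of a DER certificate,
# i.e. the bytes sock.getpeercert(binary_form=True) returns. Parsing only.
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x06": "C", b"\x55\x04\x0a": "O"}
# Constructed sample: certificate-shaped DER with a dummy signature.
SAMPLE = (b"\x30\x71\x30\x6a\xa0\x03\x02\x01\x02\x02\x04\x00\xc0\xff\xee"
          b"\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00"
          b"\x30\x2c\x31\x13\x30\x11\x06\x03\x55\x04\x0a\x0c\x0aExample CA"
          b"\x31\x15\x30\x13\x06\x03\x55\x04\x03\x0c\x0cExample Root"
          b"\x30\x1e\x17\x0d120815000000Z\x17\x0d130815000000Z"
          b"\x30\x00\x30\x00\x03\x01\x00")

def tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER element at off."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    if off + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + n

def children(buf, start, end):
    while start < end:
        tag, s, start = tlv(buf, start)  # start advances to the element's end
        yield tag, s, start

def name(buf, start, end):
    out = []
    for _, rs, re_ in children(buf, start, end):    # RelativeDistinguishedName
        for _, s, e in children(buf, rs, re_):      # AttributeTypeAndValue
            (_, ks, ke), (_, vs, ve) = children(buf, s, e)
            key = OIDS.get(buf[ks:ke], buf[ks:ke].hex())
            out.append((key, buf[vs:ve].decode("utf-8", "replace")))
    return out

def cert_fields(der):
    _, s, e = tlv(der, 0)                 # Certificate ::= SEQUENCE
    _, s, e = tlv(der, s)                 # tbsCertificate
    f = list(children(der, s, e))
    if f[0][0] == 0xA0:                   # optional [0] EXPLICIT version
        f = f[1:]
    serial, _alg, issuer, validity = f[:4]
    nb, na = children(der, validity[1], validity[2])
    return {"serial": int.from_bytes(der[serial[1]:serial[2]], "big", signed=True),
            "issuer": name(der, issuer[1], issuer[2]),
            "notBefore": der[nb[1]:nb[2]].decode("ascii"),
            "notAfter": der[na[1]:na[2]].decode("ascii")}
```

Against a live connection, pass sock.getpeercert(binary_form=True) in place of SAMPLE. The fields are only read, not validated, so signature, chain and revocation checks still need a maintained X.509 library.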


SSLSocket.getpeercert() doesn't return issuer, serial number, etc

2012-08-15 Thread Gustavo Baratto
Hello there,

SSL.Socket.getpeercert() doesn't return essential information present in
the client certificate (issuer, serial number, not before, etc), and it
looks like it is by design:

http://docs.python.org/library/ssl.html#ssl.SSLSocket.getpeercert
http://hg.python.org/cpython/file/b878df1d23b1/Modules/_ssl.c#l866

By deliberately removing all that information, further
verification/manipulation of the cert becomes impossible.
Revocation lists, OCSP, and any other extra layers of certificate checking
cannot be done properly without all the information in the cert being
available.

Is there any way around this? There should be at least a flag for folks that
need all the information in the certificate.

Thanks!
g.