From kayne.lu at gmail.com Wed Jul 1 16:03:10 2015
From: kayne.lu at gmail.com (Kai Lu)
Date: Wed, 1 Jul 2015 16:03:10 +0200
Subject: [Cryptography-dev] How to retrieve the certificates
Message-ID:

Hi,

Could anyone please tell me how to get each certificate (like "begin ... end") in the cert chain by using "peercertchain = conn.get_peer_cert_chain()"? I use PyOpenssl package. The command line like openssl s_client -showcerts -connect XXXX:443 2>/dev/null can print out what I need, but I want to use PyOpenssl package or other packages to implement it in the Python programs other than calling command line from Python code.

I would appreciate it if anyone had any ideas how to implement it.

Cheers,
Kayne

From vladimir.didenko at gmail.com Wed Jul 1 16:12:52 2015
From: vladimir.didenko at gmail.com (Vladimir Didenko)
Date: Wed, 1 Jul 2015 17:12:52 +0300
Subject: [Cryptography-dev] How to retrieve the certificates
In-Reply-To:
References:
Message-ID:

2015-07-01 17:03 GMT+03:00 Kai Lu:

> Hi,
>
> Could anyone please tell me how to get each certificate (like "begin
> ... end") in the cert chain by using "peercertchain =
> conn.get_peer_cert_chain()"? I use PyOpenssl package. The command line
> like openssl s_client -showcerts -connect XXXX:443 2>/dev/null can print
> out what I need, but I want to use PyOpenssl package or other packages to
> implement it in the Python programs other than calling command line from
> Python code.
>

I don't understand what the problem is. conn.get_peer_cert_chain returns a usual Python list of X509 objects. Each object is a certificate. If you need PEM format, you can use the crypto.dump_certificate function.

--
Regards,
Vladimir.

From kayne.lu at gmail.com Wed Jul 1 16:29:41 2015
From: kayne.lu at gmail.com (Kai Lu)
Date: Wed, 1 Jul 2015 16:29:41 +0200
Subject: [Cryptography-dev] How to retrieve the certificates
In-Reply-To:
References:
Message-ID:

Hi Vladimir,

Thanks for your reply!

What I need is .PEM format. Could you please provide an example about how to use OpenSSL.crypto.dump_certificate(*type*, *cert*)?

Cheers,
Kayne.

From kayne.lu at gmail.com Wed Jul 1 16:34:51 2015
From: kayne.lu at gmail.com (Kai Lu)
Date: Wed, 1 Jul 2015 16:34:51 +0200
Subject: [Cryptography-dev] How to retrieve the certificates
In-Reply-To:
References:
Message-ID:

Hi Vladimir,

The following outputs are what I want:

openssl s_client -showcerts -connect www.google.com:443 2>/dev/null

CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3719 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: CE335417E6C47BEA5F638FD712963403AA915EA2B07A630EFD0ACA6C30FB92E7
    Session-ID-ctx:
    Master-Key: 228675E99ACA98666180FBDF8DDFB051301DE91FBFBEC7FE2F5684CF702971E55C1C66F0463D4B547788689F28278281
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 100800 (seconds)
    Start Time: 1435761117
    Timeout : 300 (sec)
    Verify return code: 0 (ok)

Cheers,
Kayne.

From kayne.lu at gmail.com Wed Jul 1 16:45:37 2015
From: kayne.lu at gmail.com (Kai Lu)
Date: Wed, 1 Jul 2015 16:45:37 +0200
Subject: [Cryptography-dev] How to retrieve the certificates
In-Reply-To:
References:
Message-ID:

Hi Vladimir,

I just tried below (the usage syntax might be wrong), and nothing is printed out.

++++++

peercertchain = conn.get_peer_cert_chain()

print "\n\npeer cert chain:\n"

for cert in peercertchain:
    OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,cert)

+++++++

Cheers,
Kayne.

From kayne.lu at gmail.com Wed Jul 1 16:54:12 2015
From: kayne.lu at gmail.com (Kai Lu)
Date: Wed, 1 Jul 2015 16:54:12 +0200
Subject: [Cryptography-dev] How to retrieve the certificates
In-Reply-To:
References:
Message-ID:

Hi Vladimir,

Sorry. I made a mistake. I forgot to print "OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,cert)". Now, it is doing what I want.

Many thanks for your help!!!

Cheers,
Kayne.

From paul.l.kehrer at gmail.com Sat Jul 4 01:06:34 2015
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Fri, 3 Jul 2015 18:06:34 -0500
Subject: [Cryptography-dev] PyCA cryptography 0.9.2 released
Message-ID:

Cryptography 0.9.2 has been released. This release updates the Windows wheels to use OpenSSL 1.0.2c and has no other changes.

On behalf of the project, I'd like to apologize for the lateness of this release. Going forward we have automated tooling to help build 32-bit and 64-bit Windows libraries for OpenSSL so we can release more quickly and reliably.

-Paul Kehrer (reaperhulk)

From paul.l.kehrer at gmail.com Thu Jul 9 16:47:02 2015
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Thu, 9 Jul 2015 09:47:02 -0500
Subject: [Cryptography-dev] PyCA cryptography 0.9.3 released
Message-ID:

Cryptography 0.9.3 has been released. This release updates the Windows wheels to use OpenSSL 1.0.2d and has no other changes.

-Paul Kehrer (reaperhulk)

From drew.fisher at oracle.com Tue Jul 14 20:45:26 2015
From: drew.fisher at oracle.com (Drew Fisher)
Date: Tue, 14 Jul 2015 12:45:26 -0600
Subject: [Cryptography-dev] dumb question ... simple RSA ssh keys
Message-ID: <55A558C6.5000609@oracle.com>

Good afternoon!

I'm trying to figure out how to replicate 'ssh-keygen -t rsa -b 2048 -q -N '' -C my_comment -f somefile' with cryptography v0.8.2.
The best I've gotten to so far is

    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives import serialization
    from cryptography.hazmat.primitives.asymmetric import rsa

    # Generate a 2048-bit RSA key pair.
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=default_backend()
    )
    public_key = private_key.public_key()

    # Serialize the private key as unencrypted PEM.
    private_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        encryption_algorithm=serialization.NoEncryption()
    )

    # Serialize the public key as PEM (SubjectPublicKeyInfo).
    public_pem = public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo
    )

but when I put the public_pem content into a remote authorized_keys file, I get prompted for the passphrase and password of the key.

Is it possible to replicate generation of simple ssh keys without passphrases via cryptography?

Thanks!

-Drew

From paul.l.kehrer at gmail.com Wed Jul 15 04:19:44 2015
From: paul.l.kehrer at gmail.com (Paul Kehrer)
Date: Tue, 14 Jul 2015 22:19:44 -0400
Subject: [Cryptography-dev] dumb question ... simple RSA ssh keys
In-Reply-To: <55A558C6.5000609@oracle.com>
References: <55A558C6.5000609@oracle.com>
Message-ID:

Hi Drew,

At the moment we don't have a function for serialization to ssh public key. The base64 encoded data in an ssh RSA public key isn't actually a subjectPublicKeyInfo but is instead documented in RFC 4253 (http://tools.ietf.org/html/rfc4253).

We do plan to eventually support this serialization format but no one has tackled the work yet.

-Paul Kehrer (reaperhulk)

_______________________________________________
Cryptography-dev mailing list
Cryptography-dev at python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
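
The RFC 4253 encoding referred to in the last reply, as an added example (not code from the thread or from the cryptography project): it builds the one-line "ssh-rsa" form that authorized_keys expects from the RSA integers e and n, and parses it back. The function names are hypothetical and SAMPLE_N is a constructed toy value, not a usable key.

```python
import base64
import struct

# Constructed sample values: a toy 64-bit modulus with its top bit set.
# This is NOT a usable RSA key; it only exercises the encoding.
SAMPLE_E = 65537
SAMPLE_N = 0xD1A5C0DE0BADF00D


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the raw bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer (big-endian, minimal)."""
    if value < 0:
        raise ValueError("RSA public numbers are never negative")
    if value == 0:
        return ssh_string(b"")
    # mpint is two's complement, so a magnitude whose top bit is set needs a
    # leading 0x00. bit_length() // 8 + 1 bytes yields exactly that and stays
    # minimal otherwise. Every 2048-bit modulus hits the leading-zero case.
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def rsa_public_to_openssh(e: int, n: int, comment: str = "") -> str:
    """Build the one-line public key form: 'ssh-rsa <base64 blob> [comment]'."""
    # RFC 4253 section 6.6: string "ssh-rsa", mpint e, mpint n.
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return line + " " + comment if comment else line


def openssh_from_key(public_key, comment: str = "") -> str:
    """Same, starting from a cryptography RSAPublicKey such as the thread's
    public_key; its public_numbers() method exposes the integers e and n."""
    numbers = public_key.public_numbers()
    return rsa_public_to_openssh(numbers.e, numbers.n, comment)


def parse_openssh_rsa(line: str):
    """Inverse of rsa_public_to_openssh: return (e, n, comment)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    parts, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("length field runs past the end of the blob")
        parts.append(blob[offset:offset + length])
        offset += length
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("blob is not the triple (ssh-rsa, e, n)")
    # Decode as signed so a missing leading 0x00 shows up as a negative value.
    e = int.from_bytes(parts[1], "big", signed=True)
    n = int.from_bytes(parts[2], "big", signed=True)
    if e <= 0 or n <= 0:
        raise ValueError("e and n must be positive")
    return e, n, fields[2] if len(fields) == 3 else ""


if __name__ == "__main__":
    print(rsa_public_to_openssh(SAMPLE_E, SAMPLE_N, "my_comment"))
```

Releases of cryptography newer than the one in this thread can emit this format directly through serialization.Encoding.OpenSSH and serialization.PublicFormat.OpenSSH.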