[New-bugs-announce] [issue31892] ssl.get_server_certificate should allow specifying certificate / key type

Hanno Boeck report at bugs.python.org
Sun Oct 29 05:59:06 EDT 2017


New submission from Hanno Boeck <hanno at hboeck.de>:

The function ssl.get_server_certificate() from the ssl module is supposed to allow fetching the certificate of a TLS server.

However in its current form it provides no way to specify a key type. Many popular hosts (e.g. facebook, google) support both ECDSA and RSA these days, depending on the cipher suites one uses to try to connect to them.

If one wants to fetch the RSA certificate of e.g. facebook this is not possible with the current python ssl module, as it will always output the ECDSA certificate. One can create a connection with an SSLContext that has only RSA ciphers set, but it's not possible to get the certificate out of an SSLContext. And the get_server_certificate function provides neither a way to bind it to a context nor a way to specify ciphers or key types.

I think there should be an optional parameter to get_server_certificate that allows asking for a specific key type.

----------
assignee: christian.heimes
components: SSL
messages: 305182
nosy: christian.heimes, hanno
priority: normal
severity: normal
status: open
title: ssl.get_server_certificate should allow specifying certificate / key type
type: enhancement

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue31892>
_______________________________________

