[issue18233] SSLSocket.getpeercertchain()

Nathaniel Smith report at bugs.python.org
Tue Nov 26 19:13:37 EST 2019


Nathaniel Smith <njs at pobox.com> added the comment:

There's another important use case for this, that hasn't been discussed here. If you want to use openssl for TLS + the system trust store to verify certificates, then you need to disable openssl's certificate validation, perform the handshake, and then extract the certificate chain that the peer sent and pass it to the system native APIs to validate.

For this case, we don't need to do any validation or resolution on the chain – we just want to pull out the DER that the peer sent. AFAICT, the lack of this functionality is the one major blocker to using the system trust store with the 'ssl' module.

----------
nosy: +njs

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue18233>
_______________________________________
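The workflow described in the comment above, as an added example that is not code from the issue thread or from CPython: OpenSSL performs the handshake with its own validation disabled, the DER chain the peer sent is pulled out, and the trust decision is delegated to a caller-supplied validator (the `ChainValidator` callback is a hypothetical stand-in for whatever wraps the platform trust store). It uses `SSLSocket.get_unverified_chain()`, which Python 3.13 eventually added for this issue, and falls back to the leaf-only `getpeercert(binary_form=True)` on older versions. The `LEAF_DER`/`ISSUER_DER` bytes and the fake socket classes are constructed placeholders for offline testing, not real certificates.

```python
# Added example (not from the issue thread or CPython): TLS via OpenSSL with
# chain validation delegated to an external, caller-supplied validator.
import socket
import ssl
from typing import Callable, List, Optional

# Hypothetical validator signature: receives the DER chain (leaf first) and the
# host name, returns True only when the external trust store accepts the chain.
ChainValidator = Callable[[List[bytes], str], bool]


def make_unverified_context() -> ssl.SSLContext:
    """OpenSSL still runs the handshake but skips its own chain validation.

    check_hostname must be cleared before verify_mode can be set to CERT_NONE.
    A socket made from this context is NOT trustworthy until the chain has
    been validated elsewhere; always pass it through verify_or_close().
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def peer_chain_der(tls_sock) -> List[bytes]:
    """Return the certificates the peer sent as raw DER, leaf first.

    Python 3.13 added SSLSocket.get_unverified_chain(); earlier versions only
    expose the leaf via getpeercert(binary_form=True), which is the gap the
    issue describes. No parsing or resolution is done here on purpose.
    """
    getter = getattr(tls_sock, "get_unverified_chain", None)
    if getter is not None:
        chain = getter()
        if chain:
            return list(chain)
    leaf = tls_sock.getpeercert(binary_form=True)
    return [leaf] if leaf else []


def verify_or_close(tls_sock, host: str, validator: ChainValidator) -> List[bytes]:
    """Gate the connection on the external validator.

    On rejection the socket is closed before raising, so no application data
    can be exchanged over an unvalidated session.
    """
    chain = peer_chain_der(tls_sock)
    if not chain or not validator(chain, host):
        tls_sock.close()
        raise ssl.SSLCertVerificationError(
            f"certificate chain for {host} rejected by external validator")
    return chain


def connect_externally_verified(host: str, port: int, validator: ChainValidator,
                                context: Optional[ssl.SSLContext] = None):
    """Connect, handshake with OpenSSL, then validate through `validator`.

    Needs network access, so the offline test below does not call it.
    """
    ctx = context or make_unverified_context()
    raw = socket.create_connection((host, port))
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)  # handshake completes here
    except Exception:
        raw.close()
        raise
    verify_or_close(tls, host, validator)
    return tls


# Constructed placeholders (NOT real certificates) and fake sockets so the
# extraction and gating logic can be exercised without a network.
LEAF_DER = b"\x30\x03\x02\x01\x01"
ISSUER_DER = b"\x30\x03\x02\x01\x02"


class FakeLeafOnlySocket:
    """Mimics an SSLSocket on Python < 3.13: only the leaf is reachable."""
    def __init__(self):
        self.closed = False

    def getpeercert(self, binary_form=False):
        return LEAF_DER if binary_form else {}

    def close(self):
        self.closed = True


class FakeChainSocket(FakeLeafOnlySocket):
    """Mimics an SSLSocket on Python >= 3.13 with the full sent chain."""
    def get_unverified_chain(self):
        return [LEAF_DER, ISSUER_DER]
```

The important property is that `verify_or_close()` is the only path from a `CERT_NONE` socket to application data: if the validator says no, the socket is already closed when the `SSLCertVerificationError` propagates.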

