Obtaining SSL certificate info from SSL object - proposal

"Martin v. Löwis" martin at v.loewis.de
Thu Dec 14 18:31:47 EST 2006


John Nagle wrote:
>     SSL certificates are trees, represented in a format, "ASN.1", which
>     allows storing numbers, strings, and flags.
>     Fields are identified by names or by assigned "OID numbers"
>     (see RFC 2459).
> 
>     The tree is returned as tuples.  The first element of the tuple
>     is always a string giving the name of the field, and the second
>     element is a string, Boolean, or number giving the value, or
>     a list of more tuples.  The result is a tree, which will
>     resemble the tree typically displayed by browsers displaying
>     SSL certificates.

That looks like a bad choice of interface to me. If you want to expose
the entire certificate, you should do that using a single byte
string, encoded in DER. The way you are representing it, you are losing
information (e.g. whether the string type was IA5String,
PrintableString, UTF8String), and I thought your complaint was that
the current interfaces lose information, so you should not add an
interface that makes the same mistake it tries to overcome.

Regards,
Martin


