SSLSocket.getpeercert() doesn't return issuer, serial number, etc

Gustavo Baratto gbaratto at gmail.com
Wed Aug 15 21:57:32 EDT 2012


Hello there,

SSLSocket.getpeercert() doesn't return essential information present in
the client certificate (issuer, serial number, not before, etc), and it
looks like it is by design:

http://docs.python.org/library/ssl.html#ssl.SSLSocket.getpeercert
http://hg.python.org/cpython/file/b878df1d23b1/Modules/_ssl.c#l866

By deliberately removing all that information, further
verification/manipulation of the cert becomes impossible.
Revocation lists, OCSP, and any other extra layers of certificate checking
cannot be done properly without all the information in the cert being
available.

Is there any way around this? There should be at least a flag for folks that
need all the information in the certificate.

Thanks!
g.
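
As an added example (not part of the original post): `getpeercert(binary_form=True)` returns the peer certificate's raw DER bytes, and a minimal DER walk over them recovers the serial number and issuer that CRL or OCSP checks need. The helper names and the sample skeleton below are constructed for illustration.

```python
# Added example: read fields from the DER bytes of getpeercert(binary_form=True).
ATTRS = {b"\x55\x04\x03": "CN", b"\x55\x04\x06": "C", b"\x55\x04\x0a": "O"}

def read_tlv(buf, pos, limit):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > limit:
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > limit:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > limit:
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def children(buf, start, end):  # elements nested inside buf[start:end]
    out = []
    while start < end:
        out.append(read_tlv(buf, start, end))
        start = out[-1][2]
    return out

def serial_and_issuer(der):
    """Return (serial, [(attribute, value), ...]) from a DER X.509 certificate."""
    tag, s, e = read_tlv(der, 0, len(der))      # Certificate ::= SEQUENCE
    tbs_tag, s, e = read_tlv(der, s, e)         # TBSCertificate ::= SEQUENCE
    fields = [f for f in children(der, s, e) if f[0] != 0xA0]  # drop [0] version
    if (tag, tbs_tag) != (0x30, 0x30) or [f[0] for f in fields[:3]] != [2, 0x30, 0x30]:
        raise ValueError("unexpected certificate layout")
    serial = int.from_bytes(der[fields[0][1]:fields[0][2]], "big")
    issuer = []
    for _, r1, r2 in children(der, *fields[2][1:]):         # each RDN (SET)
        for _, a1, a2 in children(der, r1, r2):             # AttributeTypeAndValue
            (_, o1, o2), (_, v1, v2) = children(der, a1, a2)[:2]
            oid, value = der[o1:o2], der[v1:v2].decode("utf-8", "replace")
            issuer.append((ATTRS.get(oid, oid.hex()), value))
    return serial, issuer

def tlv(tag, value):  # DER-encode one element (short-form length only)
    return bytes([tag, len(value)]) + value

def sample_der():
    """Constructed, unsigned certificate-shaped skeleton; not a real certificate."""
    rdns = [(b"\x55\x04\x06", b"US"), (b"\x55\x04\x0a", b"Example CA")]
    issuer = b"".join(tlv(0x31, tlv(0x30, tlv(0x06, o) + tlv(0x13, v))) for o, v in rdns)
    sig_alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01\x00\x01") + sig_alg + tlv(0x30, issuer)
    return tlv(0x30, tlv(0x30, tbs))
```

With a live connection, pass the result of `sock.getpeercert(binary_form=True)` to `serial_and_issuer` in place of `sample_der()`.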