SSLsocket.getpeercert - request to return ALL the fields of the certificate.
John Nagle
nagle at animats.com
Wed Nov 12 23:39:50 EST 2014
In each revision of "getpeercert", a few more fields are returned.
Python 3.2 added "issuer" and "notBefore". Python 3.4 added
"crlDistributionPoints", "caIssuers", and OCSP URLS. But some fields
still aren't returned. I happen to need CertificatePolicies, which
is how you distinguish DV, OV, and EV certs.
Here's what you get now:
{'OCSP': ('http://EVSecure-ocsp.verisign.com',),
'caIssuers': ('http://EVSecure-aia.verisign.com/EVSecure2006.cer',),
'crlDistributionPoints':
('http://EVSecure-crl.verisign.com/EVSecure2006.crl',),
'issuer': ((('countryName', 'US'),),
(('organizationName', 'VeriSign, Inc.'),),
(('organizationalUnitName', 'VeriSign Trust Network'),),
(('organizationalUnitName',
'Terms of use at https://www.verisign.com/rpa (c)06'),),
(('commonName', 'VeriSign Class 3 Extended Validation SSL
CA'),)),
'notAfter': 'Mar 22 23:59:59 2015 GMT',
'notBefore': 'Feb 20 00:00:00 2014 GMT',
'serialNumber': '69A7BC85C106DDE1CF4FA47D5ED813DC',
'subject': ((('1.3.6.1.4.1.311.60.2.1.3', 'US'),),
(('1.3.6.1.4.1.311.60.2.1.2', 'Delaware'),),
(('businessCategory', 'Private Organization'),),
(('serialNumber', '2927442'),),
(('countryName', 'US'),),
(('postalCode', '60603'),),
(('stateOrProvinceName', 'Illinois'),),
(('localityName', 'Chicago'),),
(('streetAddress', '135 S La Salle St'),),
(('organizationName', 'Bank of America Corporation'),),
(('organizationalUnitName', 'Network Infrastructure'),),
(('commonName', 'www.bankofamerica.com'),)),
'subjectAltName': (('DNS', 'mobile.bankofamerica.com'),
('DNS', 'www.bankofamerica.com')),
'version': 3}
How about just returning ALL the remaining fields and finishing
the job? Thanks.
John Nagle
More information about the Python-list
mailing list