SSLsocket.getpeercert - request to return ALL the fields of the certificate.
Ethan Furman
ethan at stoneleaf.us
Wed Nov 12 23:52:19 EST 2014
On 11/12/2014 08:39 PM, John Nagle wrote:
> In each revision of "getpeercert", a few more fields are returned.
> Python 3.2 added "issuer" and "notBefore". Python 3.4 added
> "crlDistributionPoints", "caIssuers", and OCSP URLS. But some fields
> still aren't returned. I happen to need CertificatePolicies, which
> is how you distinguish DV, OV, and EV certs.
>
> Here's what you get now:
>
> {'OCSP': ('http://EVSecure-ocsp.verisign.com',),
> 'caIssuers': ('http://EVSecure-aia.verisign.com/EVSecure2006.cer',),
> 'crlDistributionPoints':
> ('http://EVSecure-crl.verisign.com/EVSecure2006.crl',),
> 'issuer': ((('countryName', 'US'),),
> (('organizationName', 'VeriSign, Inc.'),),
> (('organizationalUnitName', 'VeriSign Trust Network'),),
> (('organizationalUnitName',
> 'Terms of use at https://www.verisign.com/rpa (c)06'),),
> (('commonName', 'VeriSign Class 3 Extended Validation SSL
> CA'),)),
> 'notAfter': 'Mar 22 23:59:59 2015 GMT',
> 'notBefore': 'Feb 20 00:00:00 2014 GMT',
> 'serialNumber': '69A7BC85C106DDE1CF4FA47D5ED813DC',
> 'subject': ((('1.3.6.1.4.1.311.60.2.1.3', 'US'),),
> (('1.3.6.1.4.1.311.60.2.1.2', 'Delaware'),),
> (('businessCategory', 'Private Organization'),),
> (('serialNumber', '2927442'),),
> (('countryName', 'US'),),
> (('postalCode', '60603'),),
> (('stateOrProvinceName', 'Illinois'),),
> (('localityName', 'Chicago'),),
> (('streetAddress', '135 S La Salle St'),),
> (('organizationName', 'Bank of America Corporation'),),
> (('organizationalUnitName', 'Network Infrastructure'),),
> (('commonName', 'www.bankofamerica.com'),)),
> 'subjectAltName': (('DNS', 'mobile.bankofamerica.com'),
> ('DNS', 'www.bankofamerica.com')),
> 'version': 3}
>
> How about just returning ALL the remaining fields and finishing
> the job? Thanks.
This would be much better on the issue tracker: https://bugs.python.org
--
~Ethan~
More information about the Python-list
mailing list