[pyOpenSSL] pyOpenSSL certificate information - how?
Martin Sjögren
msjogren at gmail.com
Mon Jul 19 21:10:13 CEST 2004
On Mon, 19 Jul 2004 19:13:47 +0200, Jos Vos <jos at xos.nl> wrote:
> > What this tells you is that the only field of the X509Name that
> > actually has a value is the CN field, or "common name".
>
> This actually works, thanks, but "common_name" or any of the other
> listed members (in the docs section 3.1.2) does not work, also
> not if the related fields exist (tested with another certificate).
>
> So, is the documentation here indeed incorrect?

The documentation is, indeed, NOT correct. :-(

The correct list of short and full names is:

C - countryName
L - localityName
ST - stateOrProvinceName
O - organizationName
OU - organizationalUnitName
CN - commonName
emailAddress (no short name)

These are just looked up in openssl by using OBJ_txt2nid and I don't
really know if anything's changed in openssl or if this is just a
general fuckup by me, but these seven work with openssl 0.9.7.

> > There are, of course, properties of the certificate itself that you
> > could check, like whether it has expired and so forth.
>
> Could you point me to some code examples?

Well, there's cert.has_expired(), cert.gmtime_adj_not{Before,After}
and stuff, but I don't have any example snippets as such.

> Related to this: how do I load a revoke list (CRL) in the Python
> interface? I tried to load a CRL file with load_verify_locations(),
> which does not seem to produce an error, but also doesn't refuse the
> revoked certificates afterwards.

To be honest with you, I don't know, I haven't worked with CRLs (which
means it's a good bet it doesn't work at all in pyopenssl... patches
welcome :)

/Martin
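
Added example, not part of the original message or of pyOpenSSL's own code: it reads the seven subject attributes listed above from a certificate, shows that a name such as "common_name" is rejected, and checks has_expired(). It assumes a current pyOpenSSL; the certificate is constructed in the script, and the helper names, the 2048-bit RSA key and the SHA-256 digest are choices made for the example.

```python
from OpenSSL import crypto  # pyOpenSSL

# (short name, full name) pairs from the corrected list in the message above.
NAME_FIELDS = [("C", "countryName"), ("L", "localityName"),
               ("ST", "stateOrProvinceName"), ("O", "organizationName"),
               ("OU", "organizationalUnitName"), ("CN", "commonName"),
               (None, "emailAddress")]


def make_sample_cert(not_before, not_after, **subject):
    """Constructed self-signed certificate; validity offsets are seconds from now."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)  # key size chosen for the example
    cert = crypto.X509()
    name = cert.get_subject()
    for field, value in subject.items():
        setattr(name, field, value)          # resolved by OpenSSL's object table
    cert.set_serial_number(1)
    cert.gmtime_adj_notBefore(not_before)
    cert.gmtime_adj_notAfter(not_after)
    cert.set_issuer(name)
    cert.set_pubkey(key)
    cert.sign(key, "sha256")                 # digest chosen for the example
    return cert


def subject_fields(cert):
    """Return {full name: value} for the attributes that are actually set."""
    name = cert.get_subject()
    values = {full: getattr(name, full) for _, full in NAME_FIELDS}
    return {full: v for full, v in values.items() if v is not None}


def is_known_attribute(name, attr):
    """False when OpenSSL cannot map attr to an object, e.g. 'common_name'."""
    try:
        getattr(name, attr)
        return True
    except AttributeError:
        return False


if __name__ == "__main__":
    cert = make_sample_cert(0, 3600, C="SE", O="Example Org",
                            CN="host.example.test")
    print(subject_fields(cert), "expired:", cert.has_expired())
    print("common_name known:", is_known_attribute(cert.get_subject(), "common_name"))
```

An attribute that is valid but absent from the subject comes back as None, while a name OpenSSL cannot resolve raises AttributeError.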