[issue31892] ssl.get_server_certificate should allow specifying certificate / key type

Christian Heimes report at bugs.python.org
Thu Nov 2 06:51:04 EDT 2017


Christian Heimes <lists at cheimes.de> added the comment:

Example implementation of get_server_certificate() with cert type: https://gist.github.com/tiran/6e7a5b00483376e164c951730db7d4e5

TLS 1.3 has a signature_algorithms extension that allows a client to have even more control over the selected certificate and signature algorithms. It defines authentication algorithm (RSA, ECDSA, EdDSA), signature scheme (PKCS#1 v1.5 or PKCS#1 v2.1 aka RSA-PSS for RSA, curve for ECDSA), and hashing algorithm (SHA-1, SHA-2 256/384/512). https://tools.ietf.org/html/draft-ietf-tls-tls13-21#section-4.2.3

I've contacted the OpenSSL maintainers and asked them for advice: https://mta.openssl.org/pipermail/openssl-users/2017-November/006834.html

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue31892>
_______________________________________
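
Added example, not the code from the linked gist and not CPython's own: one way to fetch a server certificate of a chosen key type with the stdlib `ssl` module. It assumes the type is selected through the OpenSSL cipher-string selectors `aRSA` / `aECDSA` with the handshake capped at TLS 1.2; the function names are hypothetical.

```python
import socket
import ssl

# Assumed mapping from a certificate type to the OpenSSL cipher-string
# selector for the suite's authentication algorithm.
AUTH_SELECTORS = {"rsa": "aRSA", "ecdsa": "aECDSA"}


def context_for_cert_type(cert_type):
    """Client context that offers only suites authenticated by cert_type."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Like ssl.get_server_certificate() without ca_certs: fetch only, no
    # validation, so the returned certificate is unauthenticated.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Up to TLS 1.2 the cipher suite fixes the certificate's key type. TLS 1.3
    # suites carry no authentication algorithm and set_ciphers() does not
    # affect them, so cap the version.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(AUTH_SELECTORS[cert_type])
    return ctx


def offered_auth_types(ctx):
    """Authentication algorithms of the TLS <= 1.2 suites ctx will offer."""
    return {c["auth"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def get_server_certificate_typed(addr, cert_type, timeout=10.0):
    """Return the server's PEM certificate of the requested key type."""
    host, port = addr
    ctx = context_for_cert_type(cert_type)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # Raises ssl.SSLError if the server has no certificate of that type.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))
```

Checking `offered_auth_types()` before connecting confirms the context cannot negotiate a suite of the other authentication type, which is what makes a handshake failure a reliable "no certificate of this type" signal.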

