Obtaining SSL certificate info from SSL object - BUG?
John Nagle
nagle at animats.com
Wed Oct 25 00:30:28 EDT 2006
Paul Rubin wrote:
> John Nagle <nagle at animats.com> writes:
>
>>The reason this now matters is that new "high assurance" certs,
>>the ones that tell you how much a site can be trusted, are now being
>>deployed,
>
>
> Oh my, I hadn't heard about this. They come up with new scams all the
> time. I guess I'll check for info. It sounds sort of like the terror
> alert system, which tells us how scared to be on any particular day ;-)
Anyway, I've submitted it as a Python bug report:
[1583946] SSL "issuer" and "server" functions problems - security
And for the record, here's a workaround: do a split with this
regular expression:
pparsecertstringre = re.compile(
r"""(?:/)(\w(?:\w|))(?:=)""")
You'll get lists of the form
['', key1, value1, key2, value2 ...]
This isn't totally unspoofable, and won't work for Unicode certs,
but it works for the few dozen common certs I've run through it.
John Nagle
Animats
More information about the Python-list
mailing list