[issue18233] SSLSocket.getpeercertchain()
joernheissler
report at bugs.python.org
Tue May 16 14:53:15 EDT 2017
joernheissler added the comment:
Hi,
I'd like to see this feature too.
My use case is a monitoring script to check the lifetime of the server certificate, including the chain. I would prefer to have a wrapper around SSL_get_peer_cert_chain.
I understand that this is *not* a verified chain. That's okay.
openssl-1.1 added a new function SSL_get0_verified_chain which may be safer for most applications. Is there any real difference to X509_STORE_CTX_get1_chain?
If you're worried about people misusing these functions, add a warning in the docs and point them to "get_peer_verified_chain"?
----------
nosy: +joernheissler
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18233>
_______________________________________