[Python-checkins] cpython (3.3): Issue #17739: fix the description of SSLSocket.getpeercert(binary_form=True)

antoine.pitrou python-checkins at python.org
Tue Apr 16 20:28:50 CEST 2013


http://hg.python.org/cpython/rev/908f1a61b907
changeset:   83410:908f1a61b907
branch:      3.3
parent:      83407:35dd0ed848b8
user:        Antoine Pitrou <solipsis at pitrou.net>
date:        Tue Apr 16 20:27:17 2013 +0200
summary:
  Issue #17739: fix the description of SSLSocket.getpeercert(binary_form=True) for server sockets.
Thanks to David D Lowe for reporting.

files:
  Doc/library/ssl.rst |  16 +++++++++++-----
  1 files changed, 11 insertions(+), 5 deletions(-)


diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -573,7 +573,7 @@
    If there is no certificate for the peer on the other end of the connection,
    returns ``None``.
 
-   If the parameter ``binary_form`` is :const:`False`, and a certificate was
+   If the ``binary_form`` parameter is :const:`False`, and a certificate was
    received from the peer, this method returns a :class:`dict` instance.  If the
    certificate was not validated, the dict is empty.  If the certificate was
    validated, it returns a dict with several keys, amongst them ``subject``
@@ -613,10 +613,16 @@
    If the ``binary_form`` parameter is :const:`True`, and a certificate was
    provided, this method returns the DER-encoded form of the entire certificate
    as a sequence of bytes, or :const:`None` if the peer did not provide a
-   certificate.  This return value is independent of validation; if validation
-   was required (:const:`CERT_OPTIONAL` or :const:`CERT_REQUIRED`), it will have
-   been validated, but if :const:`CERT_NONE` was used to establish the
-   connection, the certificate, if present, will not have been validated.
+   certificate.  Whether the peer provides a certificate depends on the SSL
+   socket's role:
+
+   * for a client SSL socket, the server will always provide a certificate,
+     regardless of whether validation was required;
+
+   * for a server SSL socket, the client will only provide a certificate
+     when requested by the server; therefore :meth:`getpeercert` will return
+     :const:`None` if you used :const:`CERT_NONE` (rather than
+     :const:`CERT_OPTIONAL` or :const:`CERT_REQUIRED`).
 
    .. versionchanged:: 3.2
       The returned dictionary includes additional items such as ``issuer``
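Review bot: the rewritten end of the ``binary_form=True`` paragraph loses the removed caveat that under CERT_NONE "the certificate, if present, will not have been validated". The new client bullet says the server certificate is returned "regardless of whether validation was required", but nothing now tells the reader that in that case the DER bytes are unauthenticated. I would keep one sentence after the list stating that the return value is independent of validation, so that callers do not treat a non-None result as evidence of a verified peer. A smaller point on the server bullet: the parenthetical could say that with CERT_OPTIONAL the client may still send no certificate, so None remains a possible result there and not only with CERT_NONE.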

-- 
Repository URL: http://hg.python.org/cpython

