Obtaining SSL certificate info from SSL object - BUG?

John Nagle nagle at animats.com
Wed Oct 25 06:30:28 CEST 2006


Paul Rubin wrote:
> John Nagle <nagle at animats.com> writes:
> 
>>The reason this now matters is that new "high assurance" certs,
>>the ones that tell you how much a site can be trusted, are now being
>>deployed,
> 
> 
> Oh my, I hadn't heard about this.  They come up with new scams all the
> time.  I guess I'll check for info.  It sounds sort of like the terror
> alert system, which tells us how scared to be on any particular day ;-)

Anyway, I've submitted it as a Python bug report:

     [1583946] SSL "issuer" and "server" functions problems - security

And for the record, here's a workaround: do a split with this
regular expression:

pparsecertstringre = re.compile(
	r"""(?:/)(\w(?:\w|))(?:=)""")

You'll get lists of the form

	['', key1, value1, key2, value2 ...]

This isn't totally unspoofable, and won't work for Unicode certs,
but it works for the few dozen common certs I've run through it.

				John Nagle
				Animats



More information about the Python-list mailing list