Obtaining SSL certificate info from SSL object - BUG?

Heikki Toivonen heikki at osafoundation.org
Wed Oct 25 21:04:45 CEST 2006


John Nagle wrote:
>     The Python SSL object offers two methods from obtaining
> the info from an SSL certificate, "server()" and "issuer()".
> The actual values in the certificate are a series of name/value
> pairs in ASN.1 binary format.  But what "server()" and "issuer()"
> return are strings, with the pairs separated by "/".  The

Is it an option for you to use 3rd party libraries (please note that the
Python stdlib SSL library does not do certificate validation etc. which
you'd typically want in a production application)?

With M2Crypto you could do something like this:

from M2Crypto import SSL

ctx = SSL.Context()
conn = SSL.Connection(ctx)
conn.connect(('www.verisign.com', 443))
cert = conn.get_peer_cert()
print cert.get_issuer().as_text()
print cert.get_subject().as_text()
try:
    print cert.get_ext('subjectAltName').get_value()
except LookupError:
    print 'no subjectAltName'
try:
    print cert.get_subject().CN
except AttributeError:
    print 'no commonName'

Please note, however, that if you need the server name because you want
to validate that you connected to the server you intended to, it would
be better to let M2Crypto do it for you or use the M2Crypto SSL.Checker
class explicitly yourself.

Other Python crypto libraries probably have equivalent APIs.

-- 
  Heikki Toivonen



More information about the Python-list mailing list