Obtaining SSL certificate info from SSL object - BUG?
Donn Cave
donn at u.washington.edu
Tue Oct 24 12:59:03 EDT 2006
In article <453D95EA.1020602 at animats.com>,
John Nagle <nagle at animats.com> wrote:
> The Python SSL object offers two methods for obtaining
> the info from an SSL certificate, "server()" and "issuer()".
> The actual values in the certificate are a series of name/value
> pairs in ASN.1 binary format. But what "server()" and "issuer()"
> return are strings, with the pairs separated by "/". The
> documentation at "http://docs.python.org/lib/ssl-objects.html"
> says "Returns a string containing the ASN.1 distinguished name identifying
> the server's certificate.
...
> "/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International
> Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY
> LTD.(c)97 VeriSign".
>
> Note that
>
> "OU=Terms of use at www.verisign.com/rpa (c)00"
>
> with a "/" in the middle of the value field.
...
> Is there a workaround for this? Without rebuilding Python
> and becoming incompatible?
As a practical matter, I think it's fairly safe to assume
there will be no values that include / in a context that
really looks like that X.500 style distinguished name.
So if you parse out that string in those terms, and require
each of those key = value pairs to have reasonable values -
key has no embedded spaces, value has non-zero length - then
you should be OK. Re-join any invalid component to its
predecessor's value.
Donn Cave, donn at u.washington.edu
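
The re-joining heuristic described in the reply above, as an added Python example that is not part of the original thread. The function name `parse_dn` is hypothetical, and the sample strings are the ones quoted in the post with their wrapped lines rejoined by spaces.

```python
def parse_dn(dn):
    """Split a "/"-separated one-line DN string into (key, value) pairs.

    A component counts as a real key=value pair only if the key is non-empty
    with no embedded whitespace and the value has non-zero length. Any other
    component is taken to be the tail of the previous value, which contained
    a "/" of its own, and is re-joined to it.
    """
    parts = dn.split("/")
    if parts and parts[0] == "":
        parts = parts[1:]  # a leading "/" yields an empty first element
    pairs = []
    for part in parts:
        key, sep, value = part.partition("=")
        valid = bool(sep and key and value) and not any(c.isspace() for c in key)
        if valid:
            pairs.append([key, value])
        elif pairs:
            pairs[-1][1] += "/" + part  # restore the "/" that split() consumed
        else:
            raise ValueError("DN does not begin with a key=value component")
    return [tuple(p) for p in pairs]


# Strings quoted in the thread (wrapped lines rejoined with spaces).
ISSUER = ("/O=VeriSign Trust Network/OU=VeriSign, Inc."
          "/OU=VeriSign International Server CA - Class 3"
          "/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign")
TERMS = "OU=Terms of use at www.verisign.com/rpa (c)00"

if __name__ == "__main__":
    for key, value in parse_dn(ISSUER) + parse_dn(TERMS):
        print(key, "=", value)
```

The heuristic cannot tell apart a value that itself contains text shaped like `/key=value`, so its output suits display and logging rather than identity or trust decisions.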