Obtaining SSL certificate info from SSL object - BUG?

Donn Cave donn at u.washington.edu
Tue Oct 24 18:59:03 CEST 2006


In article <453D95EA.1020602 at animats.com>,
 John Nagle <nagle at animats.com> wrote:

>      The Python SSL object offers two methods from obtaining
> the info from an SSL certificate, "server()" and "issuer()".
> The actual values in the certificate are a series of name/value
> pairs in ASN.1 binary format.  But what "server()" and "issuer()"
> return are strings, with the pairs separated by "/".  The
> documentation at "http://docs.python.org/lib/ssl-objects.html"
> says "Returns a string containing the ASN.1 distinguished name identifying 
> the 
> server's certificate.
...
> "/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International
> Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY 
> LTD.(c)97 
> VeriSign".
> 
> Note that
> 
>     "OU=Terms of use at www.verisign.com/rpa (c)00"
> 
> with a "/" in the middle of the value field.
...
> Is there a workaround for this?  Without rebuilding Python
> and becoming incompatible?

As a practical matter, I think it's fairly safe to assume
there will be no values that include / in a context like
really looks like that X.500 style distinguished name.

So if you parse out that string in those terms, and require
each of those key = value pairs to have reasonable values -
key has no embedded spaces, value has non-zero length - then
you should be OK.  Re-join any invalid component to its
predecessor's value.

   Donn Cave, donn at u.washington.edu



More information about the Python-list mailing list