SSL meta data

BerndWill bernd at ewill.de
Mon Sep 25 22:44:03 CEST 2006


Thanks Jan.
I will try pycurl then.

Regards
Bernd

"Jan Dries" <jan.dries at dcube-resource.be> schrieb im Newsbeitrag 
news:mailman.601.1159213325.10491.python-list at python.org...
> Paul Rubin wrote:
>> "BerndWill" <bernd at ewill.de> writes:
>>> I would love to read programmatically some information out of the 
>>> certificates itself (who signed it and what is the validation period, 
>>> i.e. meta data).
>>>
>>>  Can someone please help me out here !?
>>
>> This is very cheesy but I sometimes I've just run the openssl command
>> line utility with popen and read the output:
>>
>>   openssl x509 -text -noout -in certfile
>>
>> will dump out the cert contents and you can parse it with regexps.
>>
>> The right way to do it is to make the appropriate m2crypto (or
>> whatever) calls that parse the cert directly.
>
> I'm not sure this is what the OP is looking for. Your method assumes the 
> certificate is on the local file system, while it seems to me he wants to 
> do an HTTPS request to one of their servers and obtain information from 
> the certificate installed there.
>
> For doing that, cURL might be a good choice (either the command line 
> version (http://curl.haxx.se) or the python extension module PycURL 
> http://pycurl.sourceforge.net/)).
>
> For instance:
>
> C:\> curl -v https://www.paypal.com
>
> * About to connect() to www.paypal.com port 443
> *   Trying 216.113.188.65... * connected
> * Connected to www.paypal.com (216.113.188.65) port 443
> * successfully set certificate verify locations:
> *   CAfile: C:\home\personal\development\bin\curl-ca-bundle.crt
>   CApath: none
> * SSL connection using DHE-RSA-AES256-SHA
> * Server certificate:
> *        subject: /C=US/ST=California/L=Mountain View/O=Paypal 
> Inc./OU=Information Systems/OU=Terms of use at
> www.verisign.com/rpa (c)00/CN=www.paypal.com
> *        start date: 2006-02-09 00:00:00 GMT
> *        expire date: 2008-02-09 23:59:59 GMT
> *        common name: www.paypal.com (matched)
> *        issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign 
> International Server CA - Class 3/OU=
> www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
> * SSL certificate verify ok.
>
> [more output deleted]
>
> I'm sure that by using the cURL API directly, you can obtain the 
> certificate information in a more direct way without having to rely on 
> parsing the above output with regexps. Doing so might also be more complex 
> though :-)
>
> Regards,
> Jan
> 





More information about the Python-list mailing list