urllib getting SSL certificate info

John Nagle nagle at animats.com
Sun Aug 17 19:15:47 CEST 2008


Fredrik Lundh wrote:
> Ghirai wrote:
> 
>> Using urllib, is there any way i could access some info about the SSL 
>> certificate (when opening a https url)?
>>
>> I'm really interested in the fingerprint.
>>
>> I haven't been able to find anything so far.
> 
> you can get some info via (undocumented?) attributes on the file handle:
> 
>  >>> import urllib
>  >>> f = urllib.urlopen("https://mail.google.com/")
>  >>> f.fp
> <httplib.SSLFile instance at 0x00CE2508>
> ['issuer', 'read', 'server', 'write']
>  >>> f.fp._ssl.issuer()
> '/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA'
>  >>> f.fp._ssl.server()
> '/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com'
> 
> </F>

    If you really need details from the SSL cert, you usually have to use
M2Crypto.  The base SSL package doesn't actually do much with certificates.
It doesn't validate the certificate chain.  And those strings of
attributes you can get are ambiguious; data fields may contain unescaped
"/", which is the field separator.  I went through this last year and
had to use M2Crypto, which is something of a headache but more or less works.

				John Nagle



More information about the Python-list mailing list