SSL certificate parsing?

Python Nutter pythonnutter at gmail.com
Tue Jan 6 08:11:40 CET 2009


If no one answers, the way I do my work with certificates is I just
wrap OpenSSL myself by doing a popen call (probably now should be
using subprocess for any future scripts I write). I then redirect the
output that normally goes to the shell window into a buffer then I
search/slice out the fields using standard Python string searching.
You could go to regex's but its overkill in my opinion if you can
simply do standard string searches. The buffer always follows a set
pattern so you are not going to have to search wildly varying output
from OpenSSL call to OpenSSL call.

I looked at PyOpenSSL but I have country specific OIDs that are
standard by not in the default ISO standard. Most libraries fall short
on supporting what I need and it was brain dead easy to just call
OpenSSL in my script directly and capture the output for parsing.

Its up to you what you want to do with the extracted information, you
could just populate a dict with it and perhaps shelve or store it for
later use if you have such a need or as in my case since I only
process the certificates once I just use the parsed information
immediately in my scripts logic decision tree(s) to create various
output.

Cheers,
PN

2009/1/5 Taras Ivashchenko <naplanetu at gmail.com>:
> Hello, list!
>
> I use pyopenssl [0] for checking SSL certificates.
> And one of such checks is if given certificate is self-signed.
> I can do it using values of X509v3 extensions: the subject key identifier and
> the authority key id:
> X509v3 Subject Key Identifier:
> 0E:D4:AA:B1:09:91:7C:36:60:EA:56:4E:9C:57:00:AF:9C:4D:02:00
> X509v3 Authority Key Identifier:
> keyid:0E:D4:AA:B1:09:91:7C:36:60:EA:56:4E:9C:57:00:AF:9C:4D:02:00
>
> I read documentation of pyOpenSSL but I didn't find way how to grub
> this information
> from certificate using, for example, methods of X509 object.
>
> May be there is another way to parse SSL certificates?
> I will be glad to get ever text version of given SSL certificate :)
>
> [0] http://pyopenssl.sourceforge.net/
>
> P.S. I already wrote to  pyopenssl mailing list, but there is now
> answer there :(
>
> Тарас Иващенко (Taras Ivashchenko)
> --
> "Software is like sex: it's better when it's free.", - Linus Torvalds.
> --
> http://mail.python.org/mailman/listinfo/python-list
>


More information about the Python-list mailing list