SSL module needs issuer information
gelonida at gmail.com
Sat Sep 3 20:15:32 EDT 2011
On 09/03/2011 08:10 PM, John Nagle wrote:
> The SSL module still doesn't return much information from the
> certificate. SSLSocket.getpeercert only returns a few basic items
> about the certificate subject. You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
> With the latest flaps about phony cert issuers, it's worth
> having issuer info available. It was available in the old M2Crypto
> module, but not in the current Python SSL module.
Your phrasing 'old M2Crypto' disturbs me slightly.
I am using Python 2.6. Is M2Crypto also obsolete for python 2.6?
Is there any serious alternative if I want to verify the server
certificate in a safe way (and if I want to send a client certificate)??
I am in search for a set of libraries, which allows me to:
- verify the server certificate (ideally via a custom call back, which
can inspect the certificate data and then decide whether the certificate
shall be accepted or not)
- send a client certificate
- use https with a cookie jar (ideally even persistent, but session
cookies are enough)
- do XMLRPC calls (but send cookies in the headers)
Would m2crypto be the right choice?
More information about the Python-list