SSL module needs issuer information

Gelonida N gelonida at
Sat Sep 3 20:15:32 EDT 2011

Hi John,

On 09/03/2011 08:10 PM, John Nagle wrote:
>   The SSL module still doesn't return much information from the
> certificate.  SSLSocket.getpeercert only returns a few basic items
> about the certificate subject.  You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
>   With the latest flaps about phony cert issuers, it's worth
> having issuer info available.  It was available in the old M2Crypto
> module, but not in the current Python SSL module.

Your phrasing 'old M2Crypto' disturbs me slightly.

I am using Python 2.6. Is M2Crypto also obsolete for python 2.6?

Is there any serious alternative if I want to verify the server
certificate in a safe way (and if I want to send a client certificate)??

I am in search for a set of libraries, which allows me to:

- verify the server certificate (ideally via a custom call back, which
can inspect the certificate data and then decide whether the certificate
shall be accepted or not)
- send a client certificate

- use https with a cookie jar (ideally even persistent, but session
cookies are enough)

- do XMLRPC calls (but send cookies in the headers)

Would m2crypto be the right choice?

More information about the Python-list mailing list