SSL module needs issuer information

Gelonida N gelonida at gmail.com
Sun Sep 4 02:15:32 CEST 2011


Hi John,

On 09/03/2011 08:10 PM, John Nagle wrote:
>   The SSL module still doesn't return much information from the
> certificate.  SSLSocket.getpeercert only returns a few basic items
> about the certificate subject.  You can't retrieve issuer information,
> and you can't get the extensions needed to check if a cert is an EV cert.
> 
>   With the latest flaps about phony cert issuers, it's worth
> having issuer info available.  It was available in the old M2Crypto
> module, but not in the current Python SSL module.

Your phrasing 'old M2Crypto' disturbs me slightly.

I am using Python 2.6. Is M2Crypto also obsolete for python 2.6?

Is there any serious alternative if I want to verify the server
certificate in a safe way (and if I want to send a client certificate)??


I am in search for a set of libraries, which allows me to:

- verify the server certificate (ideally via a custom call back, which
can inspect the certificate data and then decide whether the certificate
shall be accepted or not)
	
- send a client certificate

- use https with a cookie jar (ideally even persistent, but session
cookies are enough)

- do XMLRPC calls (but send cookies in the headers)

Would m2crypto be the right choice?





More information about the Python-list mailing list