SSLSocket.getpeercert() doesn't return issuer, serial number, etc
gbaratto at gmail.com
Thu Aug 16 03:57:32 CEST 2012
SSL.Socket.getpeercert() doesn't return essential information present in
the client certificate (issuer, serial number, not before, etc), and it
looks it is by design:
By deliberately removing all that information, further
verification/manipulation of the cert becomes impossible.
Revocation lists, OCSP, and any other extra layers of certificate checking
cannot be done properly without all the information in the cert being
Is there anyway around this? There should be at least a flag for folks that
need all the information in the certificate.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-list