SSLSocket.getpeercert() doesn't return issuer, serial number, etc

Gustavo Baratto gbaratto at gmail.com
Thu Aug 16 03:57:32 CEST 2012


Hello there,

SSL.Socket.getpeercert() doesn't return essential information present in
the client certificate (issuer, serial number, not before, etc), and it
looks it is by design:

http://docs.python.org/library/ssl.html#ssl.SSLSocket.getpeercert
http://hg.python.org/cpython/file/b878df1d23b1/Modules/_ssl.c#l866

By deliberately removing all that information, further
verification/manipulation of the cert becomes impossible.
Revocation lists, OCSP, and any other extra layers of certificate checking
cannot be done properly without all the information in the cert being
available.

Is there anyway around this? There should be at least a flag for folks that
need all the information in the certificate.

Thanks!
g.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20120815/5b7dfe89/attachment.html>


More information about the Python-list mailing list