SSLSocket.getpeercert() doesn't return issuer, serial number, etc

Gustavo Baratto gbaratto at
Thu Aug 16 03:57:32 CEST 2012

Hello there,

SSLSocket.getpeercert() doesn't return essential information present in
the client certificate (issuer, serial number, not before, etc), and it
looks like it is by design:

By deliberately removing all that information, further
verification/manipulation of the cert becomes impossible.
Revocation lists, OCSP, and any other extra layers of certificate checking
cannot be done properly without all the information in the cert being

Is there any way around this? There should be at least a flag for folks that
need all the information in the certificate.
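
An added example, not part of the original post: `getpeercert(binary_form=True)` returns the peer certificate as DER bytes, from which the serial number and issuer can be read for CRL or OCSP lookups. The helper names and the sample bytes are constructed for illustration; the sample holds only the leading certificate fields (not a complete certificate), and attribute values are assumed to be UTF-8 compatible strings.

```python
def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def oid(b):
    """Decode OID content bytes to dotted form (first arc 0..2, as in X.509 attributes)."""
    arcs, val = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        val = (val << 7) | (byte & 0x7F)   # base-128, high bit marks continuation
        if not byte & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def serial_and_issuer(der):
    """Return (serial, [(attribute_oid, value), ...]) from a DER X.509 certificate."""
    _, p, _ = tlv(der, 0)                  # Certificate ::= SEQUENCE
    _, p, _ = tlv(der, p)                  # tbsCertificate ::= SEQUENCE
    tag, s, e = tlv(der, p)
    if tag == 0xA0:                        # optional [0] EXPLICIT version
        tag, s, e = tlv(der, e)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    serial = int.from_bytes(der[s:e], "big")
    _, _, p = tlv(der, e)                  # skip signature AlgorithmIdentifier
    _, p, end = tlv(der, p)                # issuer Name ::= SEQUENCE OF RDN
    issuer = []
    while p < end:
        _, a, p = tlv(der, p)              # RDN ::= SET; p is now the end of this RDN
        while a < p:
            _, q, nxt = tlv(der, a)        # AttributeTypeAndValue ::= SEQUENCE
            _, o1, o2 = tlv(der, q)        # attribute type (OID)
            _, v1, v2 = tlv(der, o2)       # attribute value (string)
            issuer.append((oid(der[o1:o2]), der[v1:v2].decode("utf-8", "replace")))
            a = nxt
    return serial, issuer

def peer_serial_and_issuer(sock):
    """sock: a connected ssl.SSLSocket; returns None if the peer sent no certificate."""
    der = sock.getpeercert(binary_form=True)   # raw DER instead of the parsed dict
    return serial_and_issuer(der) if der else None

# Constructed sample: version, serial 65537, algorithm id, issuer CN only (not a full cert).
SAMPLE_DER = bytes.fromhex("3037 3035 a003020102 0203010001 300d06092a864886f70d01010b0500 301a 3118 3016 0603550403 0c0f") + b"Example Test CA"
```

The raw DER is returned whether or not the certificate was validated, so trust decisions still depend on the context's verification settings.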

