SSLsocket.getpeercert - request to return ALL the fields of the certificate.

John Nagle nagle at
Thu Nov 13 05:39:50 CET 2014

  In each revision of "getpeercert", a few more fields are returned.
Python 3.2 added "issuer" and "notBefore".  Python 3.4 added
"crlDistributionPoints", "caIssuers", and OCSP URLS. But some fields
still aren't returned.  I happen to need CertificatePolicies, which
is how you distinguish DV, OV, and EV certs.

   Here's what you get now:

{'OCSP': ('',),
 'caIssuers': ('',),
 'issuer': ((('countryName', 'US'),),
            (('organizationName', 'VeriSign, Inc.'),),
            (('organizationalUnitName', 'VeriSign Trust Network'),),
              'Terms of use at (c)06'),),
            (('commonName', 'VeriSign Class 3 Extended Validation SSL
 'notAfter': 'Mar 22 23:59:59 2015 GMT',
 'notBefore': 'Feb 20 00:00:00 2014 GMT',
 'serialNumber': '69A7BC85C106DDE1CF4FA47D5ED813DC',
 'subject': ((('', 'US'),),
             (('', 'Delaware'),),
             (('businessCategory', 'Private Organization'),),
             (('serialNumber', '2927442'),),
             (('countryName', 'US'),),
             (('postalCode', '60603'),),
             (('stateOrProvinceName', 'Illinois'),),
             (('localityName', 'Chicago'),),
             (('streetAddress', '135 S La Salle St'),),
             (('organizationName', 'Bank of America Corporation'),),
             (('organizationalUnitName', 'Network Infrastructure'),),
             (('commonName', ''),)),
 'subjectAltName': (('DNS', ''),
                    ('DNS', '')),
 'version': 3}

   How about just returning ALL the remaining fields and finishing
the job?  Thanks.

				John Nagle

More information about the Python-list mailing list