SSLsocket.getpeercert - request to return ALL the fields of the certificate.

John Nagle nagle at animats.com
Thu Nov 13 05:39:50 CET 2014


  In each revision of "getpeercert", a few more fields are returned.
Python 3.2 added "issuer" and "notBefore".  Python 3.4 added
"crlDistributionPoints", "caIssuers", and OCSP URLS. But some fields
still aren't returned.  I happen to need CertificatePolicies, which
is how you distinguish DV, OV, and EV certs.

   Here's what you get now:

{'OCSP': ('http://EVSecure-ocsp.verisign.com',),
 'caIssuers': ('http://EVSecure-aia.verisign.com/EVSecure2006.cer',),
 'crlDistributionPoints':
('http://EVSecure-crl.verisign.com/EVSecure2006.crl',),
 'issuer': ((('countryName', 'US'),),
            (('organizationName', 'VeriSign, Inc.'),),
            (('organizationalUnitName', 'VeriSign Trust Network'),),
            (('organizationalUnitName',
              'Terms of use at https://www.verisign.com/rpa (c)06'),),
            (('commonName', 'VeriSign Class 3 Extended Validation SSL
CA'),)),
 'notAfter': 'Mar 22 23:59:59 2015 GMT',
 'notBefore': 'Feb 20 00:00:00 2014 GMT',
 'serialNumber': '69A7BC85C106DDE1CF4FA47D5ED813DC',
 'subject': ((('1.3.6.1.4.1.311.60.2.1.3', 'US'),),
             (('1.3.6.1.4.1.311.60.2.1.2', 'Delaware'),),
             (('businessCategory', 'Private Organization'),),
             (('serialNumber', '2927442'),),
             (('countryName', 'US'),),
             (('postalCode', '60603'),),
             (('stateOrProvinceName', 'Illinois'),),
             (('localityName', 'Chicago'),),
             (('streetAddress', '135 S La Salle St'),),
             (('organizationName', 'Bank of America Corporation'),),
             (('organizationalUnitName', 'Network Infrastructure'),),
             (('commonName', 'www.bankofamerica.com'),)),
 'subjectAltName': (('DNS', 'mobile.bankofamerica.com'),
                    ('DNS', 'www.bankofamerica.com')),
 'version': 3}

   How about just returning ALL the remaining fields and finishing
the job?  Thanks.

				John Nagle



More information about the Python-list mailing list