Title: SSL: diagnostic functions to list loaded CA certs
Type: enhancement Stage: resolved
Components: Extension Modules Versions: Python 3.4
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: brett.cannon, christian.heimes, pitrou, python-dev, r.david.murray
Priority: normal Keywords: patch

Created on 2013-06-06 10:19 by christian.heimes, last changed 2015-04-13 19:07 by python-dev. This issue is now closed.

File name Uploaded
ssl_ca_stats.patch christian.heimes, 2013-06-06 10:19
ssl_ca_stats2.patch christian.heimes, 2013-06-11 23:25
ssl_ca_stats3.patch christian.heimes, 2013-06-16 20:05
Messages (7)
msg190709 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2013-06-06 10:19
The patch adds two methods to SSLContext which return information about loaded x509 certs, CRL and CAs. 


>>> ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
>>> ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)
>>> ctx.cert_store_stats()
{'crl': 0, 'x509': 1}
>>> ctx.get_ca_list()
[{'issuer': ((('organizationName', 'Root CA'),),
             (('organizationalUnitName', ''),),
             (('commonName', 'CA Cert Signing Authority'),),
             (('emailAddress', ''),)),
  'notAfter': 'Mar 29 12:29:49 2033 GMT',
  'notBefore': 'Mar 30 12:29:49 2003 GMT',
  'serialNumber': '00',
  'subject': ((('organizationName', 'Root CA'),),
              (('organizationalUnitName', ''),),
              (('commonName', 'CA Cert Signing Authority'),),
              (('emailAddress', ''),)),
  'version': 3}]
msg190998 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2013-06-11 23:25
New patch

* method has been renamed to get_ca_list() and returns only CA certs
* get_ca_list(binary_form=True) returns CA certs in DER format
* cert_store_stats() returns three elements: X.509 CA cert count, X.509 non-CA count and CRL count
msg191285 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2013-06-16 20:05
Updated patch with Antoine's review:

* method is now called get_ca_certs()
* cert_store_stats() returns total amount of X.509 as 'x509' key and X.509 certs with CA purpose in 'x509_ca'.
* documentation
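
The API as it ended up in this issue (cert_store_stats() and get_ca_certs()), used to audit which CA certificates a context actually trusts. This is an added example, not code from the patch or from anyone in the thread; the names audit_trust_store, cert_status and common_name are made up for illustration.

```python
import hashlib
import ssl
import time


def cert_status(cert, now):
    """Classify one get_ca_certs() dict by its validity window at time `now`."""
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "not_yet_valid"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return "expired"
    return "valid"


def common_name(cert):
    """Pull commonName out of the nested subject tuples; '' if absent."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return ""


def audit_trust_store(ctx, now=None):
    """Summarise the CA certs currently loaded into an SSLContext."""
    now = time.time() if now is None else now
    stats = ctx.cert_store_stats()  # keys: 'x509', 'x509_ca', 'crl'
    decoded = ctx.get_ca_certs()  # list of dicts, CA certs only
    ders = ctx.get_ca_certs(binary_form=True)  # same certs, DER bytes
    cas = [
        {
            "cn": common_name(cert),
            "status": cert_status(cert, now),
            "sha256": hashlib.sha256(der).hexdigest(),  # fingerprint for pinning/inventory
        }
        for cert, der in zip(decoded, ders)
    ]
    return {"stats": stats, "cas": cas}


if __name__ == "__main__":
    ctx = ssl.create_default_context()  # loads the platform's default CAs
    report = audit_trust_store(ctx)
    print(report["stats"])
    for ca in report["cas"]:
        if ca["status"] != "valid":
            print(ca["status"], ca["cn"], ca["sha256"])
```

Certificates that live in a capath directory are loaded lazily, so they only show up in this report after a handshake has used them.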
msg191334 - Author: Roundup Robot (python-dev) Date: 2013-06-17 13:45
New changeset 38e759e4c9e6 by Christian Heimes in branch 'default':
Issue #18147: Add diagnostic functions to ssl.SSLContext().
msg203710 - Author: Roundup Robot (python-dev) Date: 2013-11-22 01:23
New changeset ae0734493f6b by Christian Heimes in branch 'default':
Issue #18147: Add missing documentation for SSLContext.get_ca_certs().
msg208720 - Author: R. David Murray (r.david.murray) (Python committer) Date: 2014-01-21 23:29
It looks like the doc for get_ca_certs wasn't missing, so now it appears twice in the docs.  I'm not sure which is the preferred wording, so I'll leave it to Christian to fix it.
msg240707 - Author: Roundup Robot (python-dev) Date: 2015-04-13 19:07
New changeset d88b5469fdd3 by Antoine Pitrou in branch '3.4':
Fix duplicate doc entry for SSLContext.get_ca_certs()

New changeset d7352db81b50 by Antoine Pitrou in branch 'default':
Fix duplicate doc entry for SSLContext.get_ca_certs()
Date User Action Args
2015-04-13 19:07:03 python-dev set status: open -> closed; messages: + msg240707
2014-01-21 23:29:16 r.david.murray set status: closed -> open; nosy: + r.david.murray; messages: + msg208720
2013-11-22 01:23:49 python-dev set messages: + msg203710
2013-06-17 13:58:43 christian.heimes set status: open -> closed; stage: commit review -> resolved
2013-06-17 13:45:51 christian.heimes set resolution: fixed; stage: patch review -> commit review
2013-06-17 13:45:20 python-dev set nosy: + python-dev; messages: + msg191334
2013-06-17 11:55:30 pitrou link issue18233 dependencies
2013-06-16 20:05:54 christian.heimes set files: + ssl_ca_stats3.patch; messages: + msg191285
2013-06-11 23:25:33 christian.heimes set files: + ssl_ca_stats2.patch; messages: + msg190998
2013-06-06 10:19:29 christian.heimes create