Logged In: YES 
user_id=5571

Actually, they don't do what they're "designed to do". 
According to the Python library documentation for SSL
objects, the server method "Returns a string containing the
ASN.1 distinguished name identifying the server's
certificate. (See below for an example showing what
distinguished names look like.)" The example "below" is
missing from the documentation, so the documentation gives
us no clue of what to expect.  

There are several standardized representations for ASN.1
information.  See
"http://www.oss.com/asn1/tutorial/Explain.html"  Most are
binary. The only standard textual form is "XER", which is an
XML representation of ASN.1 encoded information.  It's
essentially the same representation used for parameters in
SOAP. 

So, given the documentation and the standard, what should be
coming out is the XML representation of that data. 

Here's an entire X.509 certificate in XML:

http://www.gnu.org/software/gnutls/manual/html_node/An-X_002e509-certificate.html

The "issuer" field can be seen in there.  It's awfully
bulky.  And making SSL dependent on the SOAP module probably
isn't desireable.  But that's an ASN.1 distinguished name in
XML format, per the standard. 

That's probably not what's wanted by most users, although
the ability to retrieve an entire certificate in XML format
would be useful.

However, there's another standard string encoding, which is
defined in RFC2253.  This is comma-separated UTF-8 with
backslash escapes for special characters.  That's reliably
parseable. There's an openSSL function,
"X509_NAME_print_ex", which does this formatting, but it
doesn't output to a string.  That's the right mechanism if
it can be invoked in some way to yield a string.  It should
be invoked with flags = ASN1_STRFLGS_RFC2253, which yields a
UTF8 string, which of course should become a Python Unicode
string.

Now if someone can figure out how to get a string, instead
of file output, out of OpenSSL's "X509_NAME_print_ex", we're
home.