
Title: SSL module doesn't allow access to cert issuer information
Type: enhancement
Stage: resolved
Components: Library (Lib)
Versions: Python 3.3
Status: closed
Resolution: out of date
Dependencies:
Superseder:
Assigned To:
Nosy List: jcea, nagle, pitrou
Priority: normal
Keywords:

Created on 2011-10-28 21:12 by nagle, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (2)
msg146579 - Author: John Nagle (nagle) Date: 2011-10-28 21:12
The SSL module still doesn't return much information from the
certificate.  SSLSocket.getpeercert only returns a few basic items
about the certificate subject.  You can't retrieve issuer information,
and you can't get the extensions needed to check if a cert is an EV cert.

With the latest flaps about phony cert issuers (another CA compromise hit the news today), it's worth having issuer info available.
It was available in the old M2Crypto module, but not in the current Python SSL module.

                                John Nagle
msg146608 - Author: Antoine Pitrou (pitrou) (Python committer) Date: 2011-10-29 13:57
It's available in 3.3:

>>> import pprint, socket, ssl
>>> ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
>>> ctx.verify_mode = ssl.CERT_REQUIRED
>>> ctx.set_default_verify_paths()
>>> with ctx.wrap_socket(socket.socket()) as sock:
...   sock.connect(("", 443))
...   cert = sock.getpeercert()
...
>>> pprint.pprint(cert)
{'issuer': ((('organizationName', 'Root CA'),),
            (('organizationalUnitName', ''),),
            (('commonName', 'CA Cert Signing Authority'),),
            (('emailAddress', ''),)),
 'notAfter': 'Jan  9 20:50:13 2012 GMT',
 'notBefore': 'Jan  9 20:50:13 2010 GMT',
 'serialNumber': '0806E3',
 'subject': ((('commonName', ''),),),
 'subjectAltName': (('DNS', ''), ('othername', '<unsupported>')),
 'version': 3}
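
Working with the nested `issuer` structure shown in the reply above, as an added example that is not part of the original thread: it flattens the tuple-of-RDNs form that `getpeercert()` returns and checks the issuer organization and validity window. The names `flatten_name`, `check_issuer` and `allowed_orgs` are hypothetical, and the sample certificate is constructed.

```python
import ssl

# Constructed sample in the shape getpeercert() returns (values are made up).
SAMPLE_CERT = {
    "issuer": ((("organizationName", "Example Root CA"),),
               (("organizationalUnitName", "Example PKI"),),
               (("commonName", "Example Signing Authority"),)),
    "notBefore": "Jan  9 20:50:13 2010 GMT",
    "notAfter": "Jan  9 20:50:13 2012 GMT",
    "serialNumber": "0806E3",
    "subject": ((("commonName", "www.example.test"),),),
    "version": 3,
}

def flatten_name(name):
    """Turn a getpeercert() name (tuple of RDNs, each a tuple of
    (attribute, value) pairs) into {attribute: [values, ...]}.
    Lists are used because an attribute may repeat across RDNs."""
    flat = {}
    for rdn in name:
        for attr, value in rdn:
            flat.setdefault(attr, []).append(value)
    return flat

def check_issuer(cert, allowed_orgs, now):
    """Return a list of problems; an empty list means the issuer and the
    validity window look as expected. allowed_orgs is a hypothetical
    local allowlist of issuer organizationName values; now is epoch seconds."""
    if not cert:
        # getpeercert() returns {} when the peer certificate was not
        # validated, so the issuer fields cannot be trusted or read.
        return ["no validated certificate (verify_mode not CERT_REQUIRED?)"]
    problems = []
    orgs = flatten_name(cert.get("issuer", ())).get("organizationName", [])
    if not any(org in allowed_orgs for org in orgs):
        problems.append("unexpected issuer organization: %r" % (orgs,))
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems
```

The issuer check is only meaningful on a certificate whose chain was already validated, which is why an empty dict is reported as a problem rather than skipped.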
Date                 User    Action  Args
2022-04-11 14:57:23  admin   set     github: 57497
2011-10-31 16:29:48  jcea    set     nosy: + jcea
2011-10-29 13:57:37  pitrou  set     status: open -> closed; type: enhancement; versions: - Python 2.6, Python 3.1, Python 2.7, Python 3.2, Python 3.4; nosy: + pitrou; messages: + msg146608; resolution: out of date; stage: resolved
2011-10-28 21:12:21  nagle   create