classification
Title: ssl.get_server_certificate like addition for cert chain
Type: enhancement Stage: resolved
Components: Extension Modules, SSL Versions: Python 3.4
process
Status: closed Resolution: duplicate
Dependencies: Superseder: SSLSocket.getpeercertchain()
View: 18233
Assigned To: christian.heimes Nosy List: christian.heimes, underrun
Priority: normal Keywords:

Created on 2013-07-24 14:57 by underrun, last changed 2016-09-15 08:10 by christian.heimes. This issue is now closed.

Messages (4)
msg193654 - (view) Author: Derek Wilson (underrun) Date: 2013-07-24 14:57
The ssl.get_server_certificate function is very useful for just requesting a cert. It would also be very useful to have a parallel function, possibly ssl.get_server_cert_chain, that does the same thing except that it provides a tuple of PEM-encoded certs comprising the chain provided by the peer.

It would also be very useful, given that we have the ability to collect certs and cert chains without validating them, to have a separate convenience method for validation of certs given a cert (or chain) and the file/path to trusted CA root certs.

This way we could collect a cert chain once and validate against different ca cert stores, or collect a set of cert chains and do batch validation.

Oh, and I'd love to see the _ssl._decode_certificate function exposed so that we can easily get a Python data structure from certs.

If any of this sounds useful I would be happy to submit patches.
msg193658 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-07-24 15:26
I'm already working on the issue and I have a couple of patches in my work queue, e.g. #18369, #18233, #18147, #16487 and #18293
msg193661 - (view) Author: Derek Wilson (underrun) Date: 2013-07-24 16:19
Very cool - I had seen a couple of those patches and they look good. Most of what I asked for is implemented in supporting bits for those issues.

Is there anything you could use some help on? I'm very interested in seeing better SSL support in Python.
msg276529 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2016-09-15 08:10
I'm closing the ticket as a duplicate of #18233
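An added sketch of the chain-fetching helper requested in the first message; it is not code from this issue or from CPython. The name get_server_cert_chain is taken from the request and is hypothetical, and the sketch assumes Python 3.13 or later, where SSLSocket.get_unverified_chain() is available.

```python
import socket
import ssl


def der_chain_to_pem(der_certs):
    """Convert an iterable of DER-encoded certs to a tuple of PEM strings."""
    return tuple(ssl.DER_cert_to_PEM_cert(der) for der in der_certs)


def get_server_cert_chain(addr, timeout=10.0):
    """Hypothetical counterpart to ssl.get_server_certificate().

    Returns the chain the peer presented as a tuple of PEM strings,
    leaf certificate first. Like get_server_certificate() without
    ca_certs, nothing is validated: treat the result as untrusted
    data for inspection, never as proof of the server's identity.
    """
    host, port = addr
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared before verify_mode can be CERT_NONE.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname is still sent as SNI so the right chain is served.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            if not hasattr(tls, "get_unverified_chain"):
                raise RuntimeError("SSLSocket.get_unverified_chain() needs Python 3.13+")
            # Returns the peer's chain as a list of DER-encoded bytes objects.
            return der_chain_to_pem(tls.get_unverified_chain())


if __name__ == "__main__":
    import sys

    # Usage: python chain.py HOST [PORT]
    target = (sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443)
    for index, pem in enumerate(get_server_cert_chain(target)):
        print(f"# certificate {index}")
        print(pem, end="")
```

Validating a collected chain offline against several CA stores, as the request also asks, is not something this sketch does; with the standard library, trust decisions are made during the handshake by a context loaded with the CA store in question.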
History
Date User Action Args
2016-09-15 08:10:02 christian.heimes set status: open -> closed; messages: + msg276529; assignee: christian.heimes; components: + SSL; resolution: duplicate; stage: needs patch -> resolved
2016-06-12 11:25:33 christian.heimes set assignee: christian.heimes -> (no value)
2013-07-24 16:19:50 underrun set messages: + msg193661
2013-07-24 15:27:06 christian.heimes set assignee: christian.heimes
2013-07-24 15:26:34 christian.heimes set nosy: + christian.heimes; messages: + msg193658; superseder: SSLSocket.getpeercertchain(); stage: needs patch
2013-07-24 14:57:14 underrun create