Before using SSL BIO (which is great itself BTW) I has a way to access peers certificate by `ssl_transp.get_extra_info('socket').getpeercert()` call.

Now socket is a regular socket without `.getpeercert()` method.
I use hack like `ssl_transp._ssl_protocol._sslpipe.ssl_object.getpeercert()` as workaround but really interesting in the proper way to do this using public API only.

I suggest adding 'ssl_object' key to `ssl_proto` for BIO-based SSL.

Thoughts?

P.S.
See aiohttp commit for workaround bugfix: https://github.com/KeepSafe/aiohttp/commit/e286d4f9fb1993de2438bdca40712cf1660faf9e

The specific case of getpeercert(), there is an extra info. For other info,
did you notice that I just added ssl_object to extra info? :-)

http://bugs.python.org/issue25114

I've missed your patch, sorry.

Everything is fixed by http://bugs.python.org/issue25114

> I've missed your patch, sorry.

There is no need to be sorry :-)

> Everything is fixed by http://bugs.python.org/issue25114

Wow, great :-)

Thanks again Mathieu Pasquet who reported the issue #22768.

BTW for fingerprint check for self-signed certs I need binary form of certificate `ssl_obj.getpeercert(binary_form=True)` but `transp.get_extra_info('peercert')` returns a dict-based form.

>> Thanks again Mathieu Pasquet who reported the issue #22768.

> BTW for fingerprint check for self-signed certs I need binary form of certificate `ssl_obj.getpeercert(binary_form=True)` but `transp.get_extra_info('peercert')` returns a dict-based form.

Yes, it's exactly the use case described in #22768 ;-) But ssl_object extra info is more generic, it gives access to all SSL methods.