classification
Title: Add SSLSocket.get_verify_result()
Type: enhancement Stage:
Components: SSL Versions: Python 3.8
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: anthony shaw, christian.heimes
Priority: normal Keywords:

Created on 2017-09-06 21:49 by christian.heimes, last changed 2019-05-06 15:19 by anthony shaw.

Pull Requests
URL Status Linked Edit
PR 3395 closed christian.heimes, 2017-09-06 21:50
Messages (2)
msg301526 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-06 21:49
It might be useful to expose SSL_get_verify_result, https://wiki.openssl.org/index.php/Manual:SSL_get_verify_result(3) . The function returns the last verification error of 0 for no error. Application could still verify the chain with verify_mode = CERT_NONE.

>>> import socket, ssl
>>> ctx = ssl.SSLContext()
>>> s = ctx.wrap_socket(socket.socket())
>>> s.connect(('www.python.org', 443))
>>> s._sslobj._sslobj.get_verify_result()
(20, 'unable to get local issuer certificate')
msg341525 - (view) Author: anthony shaw (anthony shaw) Date: 2019-05-06 15:19
Please review the PR again, some of the code no longer applies as it targets master and the PR is quite old.
History
Date User Action Args
2019-05-06 15:19:16anthony shawsetnosy: + anthony shaw
messages: + msg341525
2018-02-26 08:29:11christian.heimessetversions: + Python 3.8, - Python 3.7
2017-09-06 21:50:31christian.heimessetpull_requests: + pull_request3401
2017-09-06 21:49:03christian.heimescreate