classification
Title: add timeout parameter for get_server_certificate in ssl.py
Type: enhancement Stage: resolved
Components: SSL Versions: Python 3.10
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: Nixawk, ZackerySpytz, alex, christian.heimes, dstufft, janssen, miss-islington
Priority: normal Keywords: patch

Created on 2017-10-26 04:11 by Nixawk, last changed 2021-04-24 05:54 by christian.heimes. This issue is now closed.

Files
File name Uploaded Description
ssl.py Nixawk, 2017-10-26 04:11 Added timeout support for func get_server_certificate in ssl module.
Pull Requests
URL Status Linked
PR 4126 closed Nixawk, 2017-10-26 04:11
PR 22270 merged ZackerySpytz, 2020-09-16 05:46
PR 25570 merged christian.heimes, 2021-04-24 05:24
Messages (4)
msg305021 - Author: Vex Woo (Nixawk) * Date: 2017-10-26 04:11
The original get_server_certificate in ssl.py does not support a socket timeout:

def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None):
    """Retrieve the certificate from the server at the specified address,
    and return it as a PEM-encoded string.
    If 'ca_certs' is specified, validate the server cert against it.
    If 'ssl_version' is specified, use it in the connection attempt."""

    host, port = addr
    if ca_certs is not None:
        cert_reqs = CERT_REQUIRED
    else:
        cert_reqs = CERT_NONE
    context = _create_stdlib_context(ssl_version,
                                     cert_reqs=cert_reqs,
                                     cafile=ca_certs)
    with create_connection(addr) as sock:
        with context.wrap_socket(sock) as sslsock:
            dercert = sslsock.getpeercert(True)
    return DER_cert_to_PEM_cert(dercert)

If a timeout parameter is added, a sample demo can be here:

>>> import ssl
>>> ssl.get_server_certificate(("www.qq.com", 443), timeout=6)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/ssl.py", line 1017, in get_server_certificate
    with closing(create_connection(addr, timeout)) as sock:
  File "/usr/lib/python2.7/socket.py", line 575, in create_connection
    raise err
socket.error: [Errno 101] Network is unreachable
msg312879 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-02-26 07:58
It's too late to land a new feature in 3.7.
msg391758 - Author: miss-islington (miss-islington) Date: 2021-04-24 04:46
New changeset b2fac1afaa7c0d41a263781fcf94d8a92dc31b48 by Zackery Spytz in branch 'master':
bpo-31870: Add a timeout parameter to ssl.get_server_certificate() (GH-22270)
https://github.com/python/cpython/commit/b2fac1afaa7c0d41a263781fcf94d8a92dc31b48
msg391760 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-04-24 05:54
New changeset f05c2aed7e25087122613b51f152919c79641f66 by Christian Heimes in branch 'master':
bpo-31870: Fix test_get_server_certificate_timeout on Windows (GH-25570)
https://github.com/python/cpython/commit/f05c2aed7e25087122613b51f152919c79641f66
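The behaviour this issue asks for, as an added example (not the CPython patch itself): a certificate fetch whose connect and TLS handshake are both bounded by a timeout, run against a constructed local listener that accepts TCP but never answers the handshake. The names fetch_server_cert and probe_stalled_endpoint are hypothetical; on Python 3.10 and later the same bound is available through the timeout argument of ssl.get_server_certificate().

```python
import socket
import ssl
import time


def fetch_server_cert(addr, timeout=5.0, ca_certs=None):
    """Return the peer certificate as PEM, bounding connect and handshake time."""
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Mirror the function quoted in the issue: the certificate is validated
    # only when ca_certs is given, and the hostname is never checked.
    context.check_hostname = False
    if ca_certs is None:
        context.verify_mode = ssl.CERT_NONE
    else:
        context.verify_mode = ssl.CERT_REQUIRED
        context.load_verify_locations(cafile=ca_certs)
    # create_connection() leaves the timeout set on the socket, so the
    # TLS handshake inside wrap_socket() is bounded by it as well.
    with socket.create_connection(addr, timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=addr[0]) as sslsock:
            return ssl.DER_cert_to_PEM_cert(sslsock.getpeercert(True))


def probe_stalled_endpoint(timeout=0.5):
    """Constructed test endpoint: TCP connects, but no TLS bytes ever come back."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # ephemeral local port
    listener.listen(1)                # kernel completes the TCP handshake; we never accept
    start = time.monotonic()
    try:
        fetch_server_cert(listener.getsockname(), timeout=timeout)
        outcome = "certificate"
    except socket.timeout:            # alias of TimeoutError on Python 3.10+
        outcome = "timeout"
    finally:
        listener.close()
    return outcome, time.monotonic() - start


if __name__ == "__main__":
    print(probe_stalled_endpoint())
```

Without the timeout, the same call against this listener would block in the handshake until the peer closed the connection, which is why certificate-collection jobs that touch unresponsive or untrusted hosts need the bound.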
History
Date User Action Args
2021-04-24 05:54:11 christian.heimes set messages: + msg391760
2021-04-24 05:24:54 christian.heimes set pull_requests: + pull_request24289
2021-04-24 04:57:49 christian.heimes set status: open -> closed; stage: patch review -> resolved; resolution: fixed; versions: + Python 3.10, - Python 3.8
2021-04-24 04:46:08 miss-islington set nosy: + miss-islington; messages: + msg391758
2020-09-16 05:46:46 ZackerySpytz set keywords: + patch; nosy: + ZackerySpytz; pull_requests: + pull_request21325; stage: needs patch -> patch review
2018-02-26 07:58:58 christian.heimes set stage: patch review -> needs patch; messages: + msg312879; versions: + Python 3.8, - Python 3.7
2017-11-03 21:50:38 christian.heimes set versions: + Python 3.7; nosy: + janssen, christian.heimes, alex, dstufft; assignee: christian.heimes; components: + SSL, - Library (Lib); stage: patch review
2017-10-26 04:11:25 Nixawk create