This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: ssl module - could not get the server certificate w/o completed handshake
Type: behavior Stage: resolved
Components: SSL Versions: Python 3.8, Python 3.7, Python 3.6, Python 3.4, Python 3.5
Status: closed Resolution: wont fix
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: Lee Eric, christian.heimes
Priority: normal Keywords:

Created on 2019-02-02 06:09 by Lee Eric, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (2)
msg334738 - (view) Author: Lee Eric (Lee Eric) Date: 2019-02-02 06:09

I'm not sure if this is the right place to ask after I exhausted several communication ways. I'm trying to use standard ssl module to get the server certificate details. If I understand correctly, the certificate I can get only when the TLS/SSL handshake is done. Which means, if the server uses mTLS to authenticate client and I use ssl module to try to get the peer certificate w/o client certificate, I would not get the result due to the handshake is not complete.

I would like to know if there's any method that I can get the certificate even the handshake is not complete. Also, as the very initial handshake stage, in Server Hello the service side has sent out the server certificate already.

If the standard ssl module is designed in this behavior, is there any other module I can use to bypass the completed handshake to get the server certificate?


msg391305 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-04-17 18:58
You are correct. The ssl.get_server_certificate() helper function performs a full handshake and then returns the certificate. It's technically possible to get the cert chain from the ServerHello message, but Python does not provide an API for that.

I don't know any Python package for the task either.
Date User Action Args
2022-04-11 14:59:10adminsetgithub: 80069
2021-04-17 18:58:56christian.heimessetstatus: open -> closed
resolution: wont fix
messages: + msg391305

stage: resolved
2019-02-02 06:09:55Lee Ericcreate