➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2019-02-02 06:09 by Lee Eric, last changed 2022-04-11 14:59 by admin. This issue is now closed.
| Messages (2) | |||
|---|---|---|---|
| msg334738 - (view) | Author: Lee Eric (Lee Eric) | Date: 2019-02-02 06:09 | |
Hi, I'm not sure if this is the right place to ask after I exhausted several communication ways. I'm trying to use standard ssl module to get the server certificate details. If I understand correctly, the certificate I can get only when the TLS/SSL handshake is done. Which means, if the server uses mTLS to authenticate client and I use ssl module to try to get the peer certificate w/o client certificate, I would not get the result due to the handshake is not complete. I would like to know if there's any method that I can get the certificate even the handshake is not complete. Also, as the very initial handshake stage, in Server Hello the service side has sent out the server certificate already. If the standard ssl module is designed in this behavior, is there any other module I can use to bypass the completed handshake to get the server certificate? Thanks. Eric |
|||
| msg391305 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2021-04-17 18:58 | |
You are correct. The ssl.get_server_certificate() helper function performs a full handshake and then returns the certificate. It's technically possible to get the cert chain from the ServerHello message, but Python does not provide an API for that. I don't know any Python package for the task either. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:10 | admin | set | github: 80069 |
| 2021-04-17 18:58:56 | christian.heimes | set | status: open -> closed resolution: wont fix messages: + msg391305 stage: resolved |
| 2019-02-02 06:09:55 | Lee Eric | create | |