the ssl.get_server_certificate function is very useful for just requesting a cert. It would also be very useful to have a parallel function, possibly ssl.get_server_cert_chain that does the same thing except but provides a tuple of PEM encoded certs comprising the chain provided by the peer.

It would also be very useful, given that we have the ability to collect certs and cert chains without validating them, to have a separate convenience method for validation of certs given a cert (or chain) and the file/path to trusted CA root certs.

This way we could collect a cert chain once and validate against different ca cert stores, or collect a set of cert chains and do batch validation.

oh, and I'd love to see the _ssl._decode_certificate function exposed so that we can get easily get python data structure from certs.

If any of this sounds useful I would be happy to submit patches.