This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author nagle
Recipients nagle
Date 2014-11-14.18:03:25
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
In each revision of "getpeercert", a few more fields are returned. Python 3.2 added "issuer" and "notBefore".  Python 3.4 added "crlDistributionPoints", "caIssuers", and OCSP URLS. But some fields
still aren't returned.  I happen to need CertificatePolicies, which is how you distinguish DV, OV, and EV certs.

   Here's what you get now from "getpeercert()" for "":

{'OCSP': ('',),
 'caIssuers': ('',),
 'issuer': ((('countryName', 'US'),),
            (('organizationName', 'VeriSign, Inc.'),),
            (('organizationalUnitName', 'VeriSign Trust Network'),),
              'Terms of use at (c)06'),),
            (('commonName', 'VeriSign Class 3 Extended Validation SSL
 'notAfter': 'Mar 22 23:59:59 2015 GMT',
 'notBefore': 'Feb 20 00:00:00 2014 GMT',
 'serialNumber': '69A7BC85C106DDE1CF4FA47D5ED813DC',
 'subject': ((('', 'US'),),
             (('', 'Delaware'),),
             (('businessCategory', 'Private Organization'),),
             (('serialNumber', '2927442'),),
             (('countryName', 'US'),),
             (('postalCode', '60603'),),
             (('stateOrProvinceName', 'Illinois'),),
             (('localityName', 'Chicago'),),
             (('streetAddress', '135 S La Salle St'),),
             (('organizationName', 'Bank of America Corporation'),),
             (('organizationalUnitName', 'Network Infrastructure'),),
             (('commonName', ''),)),
 'subjectAltName': (('DNS', ''),
                    ('DNS', '')),
 'version': 3}

Missing fields (from Firefox's view of the cert) include:

 Certificate Policies:
    Extended Validation (EV) SSL Server Certificate
    Certification Practice Statement pointer:
    (This tells you it's a valid EV cert).

 Certificate Basic Constraints:
    Is not a Certificate Authority
    (which means they can't issue more certs below this one)

 Extended Key Usage:
    TLS Web Server Authentication (
    TLS Web Client Authentication (
    (which means this cert is for web use, not email or code signing)

   How about just returning ALL the remaining fields and finishing the job, so this doesn't have to be fixed again?  Thanks.
Date User Action Args
2014-11-14 18:03:27naglesetrecipients: + nagle
2014-11-14 18:03:26naglesetmessageid: <>
2014-11-14 18:03:26naglelinkissue22873 messages
2014-11-14 18:03:25naglecreate