Message 305021 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Nixawk
Recipients	Nixawk
Date	2017-10-26.04:11:19
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1508991085.56.0.213398074469.issue31870@psf.upfronthosting.co.za>
In-reply-to

Content
The original get_server_certificate in ssl.py does not support socket timeout, def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None): """Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If 'ca_certs' is specified, validate the server cert against it. If 'ssl_version' is specified, use it in the connection attempt.""" host, port = addr if ca_certs is not None: cert_reqs = CERT_REQUIRED else: cert_reqs = CERT_NONE context = _create_stdlib_context(ssl_version, cert_reqs=cert_reqs, cafile=ca_certs) with create_connection(addr) as sock: with context.wrap_socket(sock) as sslsock: dercert = sslsock.getpeercert(True) return DER_cert_to_PEM_cert(dercert) If a timeout parameter, a sample demo can be here: >>> import ssl >>> ssl.get_server_certificate(("www.qq.com", 443), timeout=6) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python2.7/ssl.py", line 1017, in get_server_certificate with closing(create_connection(addr, timeout)) as sock: File "/usr/lib/python2.7/socket.py", line 575, in create_connection raise err socket.error: [Errno 101] Network is unreachable

The original get_server_certificate in ssl.py does not support socket timeout,

def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None):
    """Retrieve the certificate from the server at the specified address,
    and return it as a PEM-encoded string.
    If 'ca_certs' is specified, validate the server cert against it.
    If 'ssl_version' is specified, use it in the connection attempt."""

    host, port = addr
    if ca_certs is not None:
        cert_reqs = CERT_REQUIRED
    else:
        cert_reqs = CERT_NONE
    context = _create_stdlib_context(ssl_version,
                                     cert_reqs=cert_reqs,
                                     cafile=ca_certs)
    with  create_connection(addr) as sock:
        with context.wrap_socket(sock) as sslsock:
            dercert = sslsock.getpeercert(True)
    return DER_cert_to_PEM_cert(dercert)

If a timeout parameter, a sample demo can be here:

>>> import ssl
>>> ssl.get_server_certificate(("www.qq.com", 443), timeout=6)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/ssl.py", line 1017, in get_server_certificate
    with closing(create_connection(addr, timeout)) as sock:
  File "/usr/lib/python2.7/socket.py", line 575, in create_connection
    raise err
socket.error: [Errno 101] Network is unreachable

History
Date	User	Action	Args
2017-10-26 04:11:27	Nixawk	set	recipients: + Nixawk
2017-10-26 04:11:25	Nixawk	set	messageid: <1508991085.56.0.213398074469.issue31870@psf.upfronthosting.co.za>
2017-10-26 04:11:25	Nixawk	link	issue31870 messages
2017-10-26 04:11:25	Nixawk	create