
Author hanno
Recipients christian.heimes, hanno
Date 2017-10-29.09:59:05
Message-id <1509271146.03.0.213398074469.issue31892@psf.upfronthosting.co.za>
Content
The function ssl.get_server_certificate() from the ssl module is supposed to allow fetching the certificate of a TLS server.

However in its current form it provides no way to specify a key type. Many popular hosts (e.g. facebook, google) support both ECDSA and RSA these days, depending on the cipher suites one uses to try to connect to them.

If one wants to fetch the RSA certificate of e.g. facebook, this is not possible with the current Python ssl module, as it will always output the ECDSA certificate. One can create a connection with an SSLContext that has only RSA ciphers set, but it's not possible to get the certificate out of an SSLContext. And the get_server_certificate function provides neither a way to bind it to a context nor a way to specify ciphers or key types.

I think there should be an optional parameter to get_server_certificate that allows asking for a specific key type.
History
Date                  User   Action  Args
2017-10-29 09:59:06   hanno  set     recipients: + hanno, christian.heimes
2017-10-29 09:59:06   hanno  set     messageid: <1509271146.03.0.213398074469.issue31892@psf.upfronthosting.co.za>
2017-10-29 09:59:05   hanno  link    issue31892 messages
2017-10-29 09:59:05   hanno  create
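
The key-type selection requested in this report can be sketched with existing ssl calls by restricting the offered cipher suites and reading the peer certificate from the wrapped socket. This is an added example, not part of the original report or of CPython; the names context_for_key_type and get_server_certificate_by_key_type are hypothetical, and it assumes the server still accepts TLS 1.2, since the cipher filter does not apply to TLS 1.3 suites.

```python
import socket
import ssl

# OpenSSL cipher-string selectors for the server authentication key type.
_AUTH_SELECTOR = {"rsa": "aRSA", "ecdsa": "aECDSA"}


def context_for_key_type(key_type):
    """Build a client context offering only suites authenticated by key_type."""
    try:
        selector = _AUTH_SELECTOR[key_type.lower()]
    except KeyError:
        raise ValueError("unsupported key type: %r" % (key_type,)) from None
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The goal is to fetch the certificate, not to trust it: skip chain and
    # hostname checks, as ssl.get_server_certificate() does without ca_certs.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # set_ciphers() does not govern TLS 1.3 suites, which are not tied to a
    # key type, so cap the handshake at TLS 1.2 for the filter to matter.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(selector)
    return ctx


def get_server_certificate_by_key_type(addr, key_type, timeout=10.0):
    """Return the PEM certificate the server presents for key_type.

    Raises ssl.SSLError if the server has no certificate of that type
    (no shared cipher suite) or does not accept TLS 1.2.
    """
    host, port = addr
    ctx = context_for_key_type(key_type)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            # binary_form=True returns the DER bytes even with CERT_NONE.
            der = tls.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der)
```

The returned PEM is unverified, so treat it as data to inspect rather than as a trust anchor.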