Message 309844 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, cvrebert, maker, pitrou, underrun
Date	2018-01-12.09:41:15
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1515750076.02.0.467229070634.issue18369@psf.upfronthosting.co.za>
In-reply-to

Content
More examples: >>> import ssl, socket, pprint >>> ctx = ssl.create_default_context() >>> sock = ctx.wrap_socket(socket.socket(), server_hostname="www.python.org") >>> sock.connect(("www.python.org", 443)) >>> pprint.pprint(sock._sslobj._sslobj.verified_chain()) (<_ssl.Certificate '/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=New Hampshire/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org'>, <_ssl.Certificate '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA'>, <_ssl.Certificate '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA'>) >>> eecert = sock._sslobj._sslobj.verified_chain()[0] >>> eecert.check_hostname('www.python.org') 'www.python.org' >>> eecert.check_hostname('www.python.com') False >>> cert = ssl.Certificate.from_file('wildcards-combined.rsa.pem') >>> pprint.pprint(cert.get_info()) {'OCSP': ('http://testca.pythontest.net/ca/ocsp/pysubca',), 'caIssuers': ('http://testca.pythontest.net/ca/pysubca.cer',), 'crlDistributionPoints': ('http://testca.pythontest.net/ca/pysubca.crl',), 'issuer': ((('countryName', 'XZ'),), (('stateOrProvinceName', 'Holy Grail'),), (('organizationName', 'Castle Anthrax'),), (('organizationalUnitName', 'Python Software Foundation'),), (('commonName', 'Python Tests Intermediate CA'),)), 'notAfter': 'Jan 1 12:00:00 2027 GMT', 'notBefore': 'Jan 1 12:00:00 2017 GMT', 'serialNumber': '0A', 'subject': ((('countryName', 'XZ'),), (('stateOrProvinceName', 'Holy Grail'),), (('organizationName', 'Castle Anthrax'),), (('organizationalUnitName', 'Python Software Foundation'),), (('commonName', 'Wildcards in SAN'),)), 'subjectAltName': (('DNS', '.wildcard.pythontest.net'), ('DNS', 'www.wildcard-www.pythontest.net'), ('DNS', 'x.wildcard-x.pythontest.net')), 'version': 3} >>> cert.check_hostname('www.wildcard.pythontest.net') '.wildcard.pythontest.net'

More examples:

>>> import ssl, socket, pprint
>>> ctx = ssl.create_default_context()
>>> sock = ctx.wrap_socket(socket.socket(), server_hostname="www.python.org")
>>> sock.connect(("www.python.org", 443))
>>> pprint.pprint(sock._sslobj._sslobj.verified_chain())
(<_ssl.Certificate '/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=New Hampshire/L=Wolfeboro/O=Python Software Foundation/CN=www.python.org'>,
 <_ssl.Certificate '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA'>,
 <_ssl.Certificate '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA'>)

>>> eecert = sock._sslobj._sslobj.verified_chain()[0]
>>> eecert.check_hostname('www.python.org')
'www.python.org'
>>> eecert.check_hostname('www.python.com')
False

>>> cert = ssl.Certificate.from_file('wildcards-combined.rsa.pem')
>>> pprint.pprint(cert.get_info())
{'OCSP': ('http://testca.pythontest.net/ca/ocsp/pysubca',),
 'caIssuers': ('http://testca.pythontest.net/ca/pysubca.cer',),
 'crlDistributionPoints': ('http://testca.pythontest.net/ca/pysubca.crl',),
 'issuer': ((('countryName', 'XZ'),),
            (('stateOrProvinceName', 'Holy Grail'),),
            (('organizationName', 'Castle Anthrax'),),
            (('organizationalUnitName', 'Python Software Foundation'),),
            (('commonName', 'Python Tests Intermediate CA'),)),
 'notAfter': 'Jan  1 12:00:00 2027 GMT',
 'notBefore': 'Jan  1 12:00:00 2017 GMT',
 'serialNumber': '0A',
 'subject': ((('countryName', 'XZ'),),
             (('stateOrProvinceName', 'Holy Grail'),),
             (('organizationName', 'Castle Anthrax'),),
             (('organizationalUnitName', 'Python Software Foundation'),),
             (('commonName', 'Wildcards in SAN'),)),
 'subjectAltName': (('DNS', '*.wildcard.pythontest.net'),
                    ('DNS', 'www*.wildcard-www.pythontest.net'),
                    ('DNS', 'x*.wildcard-x.pythontest.net')),
 'version': 3}
>>> cert.check_hostname('www.wildcard.pythontest.net')
'*.wildcard.pythontest.net'

History
Date	User	Action	Args
2018-01-12 09:41:16	christian.heimes	set	recipients: + christian.heimes, pitrou, cvrebert, maker, underrun
2018-01-12 09:41:16	christian.heimes	set	messageid: <1515750076.02.0.467229070634.issue18369@psf.upfronthosting.co.za>
2018-01-12 09:41:16	christian.heimes	link	issue18369 messages
2018-01-12 09:41:15	christian.heimes	create