Re: urllib getting SSL certificate info - Python

This is a discussion on Re: urllib getting SSL certificate info - Python ; Ghirai wrote: > Using urllib, is there any way i could access some info about the SSL > certificate (when opening a https url)? > > I'm really interested in the fingerprint. > > I haven't been able to find ...

+ Reply to Thread
Results 1 to 3 of 3

Re: urllib getting SSL certificate info

  1. Default Re: urllib getting SSL certificate info

    Ghirai wrote:

    > Using urllib, is there any way i could access some info about the SSL
    > certificate (when opening a https url)?
    >
    > I'm really interested in the fingerprint.
    >
    > I haven't been able to find anything so far.


    you can get some info via (undocumented?) attributes on the file handle:

    >>> import urllib
    >>> f = urllib.urlopen("https://mail.google.com/")
    >>> f.fp

    <httplib.SSLFile instance at 0x00CE2508>
    ['issuer', 'read', 'server', 'write']
    >>> f.fp._ssl.issuer()

    '/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA'
    >>> f.fp._ssl.server()

    '/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com'

    </F>


  2. Default Re: urllib getting SSL certificate info

    Fredrik Lundh wrote:
    > Ghirai wrote:
    >
    >> Using urllib, is there any way i could access some info about the SSL
    >> certificate (when opening a https url)?
    >>
    >> I'm really interested in the fingerprint.
    >>
    >> I haven't been able to find anything so far.

    >
    > you can get some info via (undocumented?) attributes on the file handle:
    >
    > >>> import urllib
    > >>> f = urllib.urlopen("https://mail.google.com/")
    > >>> f.fp

    > <httplib.SSLFile instance at 0x00CE2508>
    > ['issuer', 'read', 'server', 'write']
    > >>> f.fp._ssl.issuer()

    > '/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA'
    > >>> f.fp._ssl.server()

    > '/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com'
    >
    > </F>


    If you really need details from the SSL cert, you usually have to use
    M2Crypto. The base SSL package doesn't actually do much with certificates.
    It doesn't validate the certificate chain. And those strings of
    attributes you can get are ambiguious; data fields may contain unescaped
    "/", which is the field separator. I went through this last year and
    had to use M2Crypto, which is something of a headache but more or less works.

    John Nagle

  3. Default Re: urllib getting SSL certificate info

    On Sunday 17 August 2008 20:15:47 John Nagle wrote:

    > If you really need details from the SSL cert, you usually have to use
    > M2Crypto. The base SSL package doesn't actually do much with certificates.
    > It doesn't validate the certificate chain. And those strings of
    > attributes you can get are ambiguious; data fields may contain unescaped
    > "/", which is the field separator. I went through this last year and
    > had to use M2Crypto, which is something of a headache but more or less
    > works.
    >
    > John Nagle


    Would you mind sharing some code? The module is pretty ugly and on top has no
    docs whatsoever; got tired of reading the source...

    Thanks.

    --
    Regards,
    Ghirai.

+ Reply to Thread