Re: urllib getting SSL certificate info - Python

Fredrik Lundh wrote:
> Ghirai wrote:
>
>> Using urllib, is there any way i could access some info about the SSL
>> certificate (when opening a https url)?
>>
>> I'm really interested in the fingerprint.
>>
>> I haven't been able to find anything so far.
>
> you can get some info via (undocumented?) attributes on the file handle:
>
> >>> import urllib
> >>> f = urllib.urlopen("https://mail.google.com/")
> >>> f.fp
> <httplib.SSLFile instance at 0x00CE2508>
> ['issuer', 'read', 'server', 'write']
> >>> f.fp._ssl.issuer()
> '/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA'
> >>> f.fp._ssl.server()
> '/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com'
>
> </F>

If you really need details from the SSL cert, you usually have to use
M2Crypto. The base SSL package doesn't actually do much with certificates.
It doesn't validate the certificate chain. And those strings of
attributes you can get are ambiguious; data fields may contain unescaped
"/", which is the field separator. I went through this last year and
had to use M2Crypto, which is something of a headache but more or less works.

John Nagle

On Sunday 17 August 2008 20:15:47 John Nagle wrote:

> If you really need details from the SSL cert, you usually have to use
> M2Crypto. The base SSL package doesn't actually do much with certificates.
> It doesn't validate the certificate chain. And those strings of
> attributes you can get are ambiguious; data fields may contain unescaped
> "/", which is the field separator. I went through this last year and
> had to use M2Crypto, which is something of a headache but more or less
> works.
>
> John Nagle

Would you mind sharing some code? The module is pretty ugly and on top has no
docs whatsoever; got tired of reading the source...

Thanks.

--
Regards,
Ghirai.