Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > SSL follow up

Reply
Thread Tools

SSL follow up

 
 
Yogesh Chawla - PD
Guest
Posts: n/a
 
      10-24-2006
Hi Paul and John,
Thanks for the SSL follow up messages.

I have 2 questions. 1) How do we get the Server cert
in python. John wrote: "Nor does there seem to be a
way to get at the certificate itself from within
Python." Perhaps pycurl will allow us to do this. Is
there another method to get the server cert?

2) I like the idea of calling openssl in a subprocess.
Do you have any of those openssl commands handy? If
not, I can look through the documentation tommorrow.

Thanks!

Yogesh
 
Reply With Quote
 
 
 
 
Paul Rubin
Guest
Posts: n/a
 
      10-24-2006
Yogesh Chawla - PD <(E-Mail Removed)> writes:
> 2) I like the idea of calling openssl in a subprocess.
> Do you have any of those openssl commands handy? If
> not, I can look through the documentation tommorrow.


To dump out the certificate? Try:

openssl x509 -text -in filename.crt

if the cert is in a file. Omit that -in parameter if you want openssl
to read from stdin. Of course now you get this other text format
thing to parse, but it's not so bad.
 
Reply With Quote
 
 
 
 
Heikki Toivonen
Guest
Posts: n/a
 
      10-25-2006
Yogesh Chawla - PD wrote:
> I have 2 questions. 1) How do we get the Server cert
> in python. John wrote: "Nor does there seem to be a
> way to get at the certificate itself from within
> Python." Perhaps pycurl will allow us to do this. Is
> there another method to get the server cert?


Here's an example with M2Crypto:

from M2Crypto import SSL

ctx = SSL.Context()
conn = SSL.Connection(ctx)
conn.connect(('www.verisign.com', 443))
cert = conn.get_peer_cert()

> 2) I like the idea of calling openssl in a subprocess.
> Do you have any of those openssl commands handy? If
> not, I can look through the documentation tommorrow.


I would be surprised if M2Crypto did not provide what you want. If it
doesn't, I'd be happy to add the functionality.

--
Heikki Toivonen
 
Reply With Quote
 
=?ISO-8859-1?Q?Michael_Str=F6der?=
Guest
Posts: n/a
 
      10-26-2006
Paul Rubin wrote:
>
> To dump out the certificate? Try:
>
> openssl x509 -text -in filename.crt
>
> if the cert is in a file. Omit that -in parameter if you want openssl
> to read from stdin. Of course now you get this other text format
> thing to parse, but it's not so bad.


I wouldn't recommend that. Actually I tried one time. Use a decent
module instead which parses certs for you. I wrote one myself for web2ldap.

Ciao, Michael.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"Failed set trust point in ssl context" when using SSL communication emukang Java 0 12-20-2005 04:54 PM
Response.Redirect from SSL to non SSL with port drops port. Sean Wolfe ASP .Net 1 04-28-2005 07:49 PM
SSL with backend SSL on CSS 11500 Olivier PELERIN Cisco 0 08-30-2004 08:30 PM
How to imbed non-SSL links within SSL pages without using code CW ASP .Net 2 05-02-2004 01:40 PM
From non-ssl area to ssl ara with a virtual href path? 620 ASP .Net 2 01-06-2004 09:58 PM



Advertisments