[issue20000] SSLContext.get_ca_certs() and self-signed certs

Christian Heimes Mon, 16 Dec 2013 11:14:46 -0800

Christian Heimes added the comment:

Example:


$ openssl s_server -cert Lib/test/ssl_cert.pem -key Lib/test/ssl_key.pem

$ ./python
>>> import ssl
>>> ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3)
>>> ctx.verify_mode = ssl.CERT_REQUIRED
>>> ctx.check_hostname = True
>>> ctx.load_verify_locations("Lib/test/ssl_cert.pem")
>>> s = ssl.create_connection(("localhost", 4433))
>>> with ctx.wrap_socket(s, server_hostname="localhost") as ssock:
...     peer = ssock.getpeercert()
... 
>>> peer
{'notAfter': 'Oct  5 23:01:56 2020 GMT', 'version': 3, 'serialNumber': 
'D7C7381919AFC24E', 'subjectAltName': (('DNS', 'localhost'),), 'issuer': 
((('countryName', 'XY'),), (('localityName', 'Castle Anthrax'),), 
(('organizationName', 'Python Software Foundation'),), (('commonName', 
'localhost'),)), 'subject': ((('countryName', 'XY'),), (('localityName', 
'Castle Anthrax'),), (('organizationName', 'Python Software Foundation'),), 
(('commonName', 'localhost'),)), 'notBefore': 'Oct  8 23:01:56 2010 GMT'}
>>> ctx.get_ca_certs()
[]

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue20000>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue20000] SSLContext.get_ca_certs() and self-signed certs

Reply via email to