Paul Rubin wrote: > "BerndWill" <[EMAIL PROTECTED]> writes: >> I would love to read programmatically some information out of the >> certificates itself (who signed it and what is the validation period, i.e. >> meta data). >> >> Can someone please help me out here !? > > This is very cheesy but I sometimes I've just run the openssl command > line utility with popen and read the output: > > openssl x509 -text -noout -in certfile > > will dump out the cert contents and you can parse it with regexps. > > The right way to do it is to make the appropriate m2crypto (or > whatever) calls that parse the cert directly.
I'm not sure this is what the OP is looking for. Your method assumes the certificate is on the local file system, while it seems to me he wants to do an HTTPS request to one of their servers and obtain information from the certificate installed there. For doing that, cURL might be a good choice (either the command line version (http://curl.haxx.se) or the python extension module PycURL http://pycurl.sourceforge.net/)). For instance: C:\> curl -v https://www.paypal.com * About to connect() to www.paypal.com port 443 * Trying 216.113.188.65... * connected * Connected to www.paypal.com (216.113.188.65) port 443 * successfully set certificate verify locations: * CAfile: C:\home\personal\development\bin\curl-ca-bundle.crt CApath: none * SSL connection using DHE-RSA-AES256-SHA * Server certificate: * subject: /C=US/ST=California/L=Mountain View/O=Paypal Inc./OU=Information Systems/OU=Terms of use at www.verisign.com/rpa (c)00/CN=www.paypal.com * start date: 2006-02-09 00:00:00 GMT * expire date: 2008-02-09 23:59:59 GMT * common name: www.paypal.com (matched) * issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU= www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign * SSL certificate verify ok. [more output deleted] I'm sure that by using the cURL API directly, you can obtain the certificate information in a more direct way without having to rely on parsing the above output with regexps. Doing so might also be more complex though :-) Regards, Jan -- http://mail.python.org/mailman/listinfo/python-list
