Thanks Jan. I will try pycurl then. Regards Bernd
"Jan Dries" <[EMAIL PROTECTED]> schrieb im Newsbeitrag news:[EMAIL PROTECTED] > Paul Rubin wrote: >> "BerndWill" <[EMAIL PROTECTED]> writes: >>> I would love to read programmatically some information out of the >>> certificates itself (who signed it and what is the validation period, >>> i.e. meta data). >>> >>> Can someone please help me out here !? >> >> This is very cheesy but I sometimes I've just run the openssl command >> line utility with popen and read the output: >> >> openssl x509 -text -noout -in certfile >> >> will dump out the cert contents and you can parse it with regexps. >> >> The right way to do it is to make the appropriate m2crypto (or >> whatever) calls that parse the cert directly. > > I'm not sure this is what the OP is looking for. Your method assumes the > certificate is on the local file system, while it seems to me he wants to > do an HTTPS request to one of their servers and obtain information from > the certificate installed there. > > For doing that, cURL might be a good choice (either the command line > version (http://curl.haxx.se) or the python extension module PycURL > http://pycurl.sourceforge.net/)). > > For instance: > > C:\> curl -v https://www.paypal.com > > * About to connect() to www.paypal.com port 443 > * Trying 216.113.188.65... * connected > * Connected to www.paypal.com (216.113.188.65) port 443 > * successfully set certificate verify locations: > * CAfile: C:\home\personal\development\bin\curl-ca-bundle.crt > CApath: none > * SSL connection using DHE-RSA-AES256-SHA > * Server certificate: > * subject: /C=US/ST=California/L=Mountain View/O=Paypal > Inc./OU=Information Systems/OU=Terms of use at > www.verisign.com/rpa (c)00/CN=www.paypal.com > * start date: 2006-02-09 00:00:00 GMT > * expire date: 2008-02-09 23:59:59 GMT > * common name: www.paypal.com (matched) > * issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign > International Server CA - Class 3/OU= > www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign > * SSL certificate verify ok. > > [more output deleted] > > I'm sure that by using the cURL API directly, you can obtain the > certificate information in a more direct way without having to rely on > parsing the above output with regexps. Doing so might also be more complex > though :-) > > Regards, > Jan > -- http://mail.python.org/mailman/listinfo/python-list
