If no one answers, the way I do my work with certificates is I just wrap OpenSSL myself by doing a popen call (probably now should be using subprocess for any future scripts I write). I then redirect the output that normally goes to the shell window into a buffer then I search/slice out the fields using standard Python string searching. You could go to regex's but its overkill in my opinion if you can simply do standard string searches. The buffer always follows a set pattern so you are not going to have to search wildly varying output from OpenSSL call to OpenSSL call.
I looked at PyOpenSSL but I have country specific OIDs that are standard by not in the default ISO standard. Most libraries fall short on supporting what I need and it was brain dead easy to just call OpenSSL in my script directly and capture the output for parsing. Its up to you what you want to do with the extracted information, you could just populate a dict with it and perhaps shelve or store it for later use if you have such a need or as in my case since I only process the certificates once I just use the parsed information immediately in my scripts logic decision tree(s) to create various output. Cheers, PN 2009/1/5 Taras Ivashchenko <naplan...@gmail.com>: > Hello, list! > > I use pyopenssl [0] for checking SSL certificates. > And one of such checks is if given certificate is self-signed. > I can do it using values of X509v3 extensions: the subject key identifier and > the authority key id: > X509v3 Subject Key Identifier: > 0E:D4:AA:B1:09:91:7C:36:60:EA:56:4E:9C:57:00:AF:9C:4D:02:00 > X509v3 Authority Key Identifier: > keyid:0E:D4:AA:B1:09:91:7C:36:60:EA:56:4E:9C:57:00:AF:9C:4D:02:00 > > I read documentation of pyOpenSSL but I didn't find way how to grub > this information > from certificate using, for example, methods of X509 object. > > May be there is another way to parse SSL certificates? > I will be glad to get ever text version of given SSL certificate :) > > [0] http://pyopenssl.sourceforge.net/ > > P.S. I already wrote to pyopenssl mailing list, but there is now > answer there :( > > Тарас Иващенко (Taras Ivashchenko) > -- > "Software is like sex: it's better when it's free.", - Linus Torvalds. > -- > http://mail.python.org/mailman/listinfo/python-list > -- http://mail.python.org/mailman/listinfo/python-list
