[issue18369] X509 cert class for ssl module

Christian Heimes added the comment: I won't be able to land this in time for b2. It's most done but not production ready. I have only a limited amount of time and will use it to fix TLS 1.3 bits and pieces. Rescheduling for 3.8 -- priority: deferred blocker -> normal versions: -Pyth

[issue18369] X509 cert class for ssl module

Ned Deily added the comment: At Christian's request and considering the importance of the ssl module, I'm going to allow an extension for landing of this feature until 3.7.0b2, currently scheduled for 2018-02-26. If anyone else can help Christian get this in before b2, that would be great.

[issue18369] X509 cert class for ssl module

Christian Heimes added the comment: More examples: >>> import ssl, socket, pprint >>> ctx = ssl.create_default_context() >>> sock = ctx.wrap_socket(socket.socket(), server_hostname="www.python.org") >>> sock.connect(("www.python.org", 443)) >>> pprint.pprint(sock._sslobj._sslobj.verified_chain(

[issue18369] X509 cert class for ssl module

Christian Heimes added the comment: API example: >>> import ssl >>> chain = ssl.Certificate.chain_from_file("Lib/test/ssl_cert.pem") >>> cas = ssl.Certificate.bundle_from_file("Lib/test/pycacert.pem") >>> pkey = ssl.PrivateKey.from_file("Lib/test/ssl_key.passwd.pem") Traceback (most recent cal

[issue18369] X509 cert class for ssl module

Change by Christian Heimes : -- pull_requests: +5018 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://m

[issue18369] X509 cert class for ssl module

Changes by Christian Heimes : -- assignee: -> christian.heimes components: +SSL ___ Python tracker ___ ___ Python-bugs-list mailing l

[issue18369] X509 cert class for ssl module

Changes by Christian Heimes : -- versions: +Python 3.7 -Python 3.5 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscrib

[issue18369] X509 cert class for ssl module

Changes by Mark Lawrence : -- nosy: -BreamoreBoy ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.

[issue18369] X509 cert class for ssl module

Changes by Christian Heimes : -- assignee: christian.heimes -> ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue18369] X509 cert class for ssl module

Christian Heimes added the comment: I've a mostly working prototype at https://github.com/tiran/cpython/tree/feature/x509cert . It's missing documentation, more tests and I have to port it to argument clinic. -- ___ Python tracker

[issue18369] X509 cert class for ssl module

Mark Lawrence added the comment: Presumably too late for 3.5 so do we bump this to 3.6? Alternatively could the Derek Wilson patch make 3.5, there's nearly three weeks until beta 1 is due on 24th May according to https://www.python.org/dev/peps/pep-0478/ ? -- nosy: +BreamoreBoy _

[issue18369] X509 cert class for ssl module

Christian Heimes added the comment: The feature won't be ready for 3.4. I'll work on a PEP for 3.5 -- versions: +Python 3.5 -Python 3.4 ___ Python tracker ___ ___

[issue18369] X509 cert class for ssl module

Christian Heimes added the comment: Bump up my priority. I'd like to get the feature into 3.4 as a foundation for some of my other improvements of the SSL module. -- assignee: -> christian.heimes priority: normal -> high stage: -> patch review ___

[issue18369] X509 cert class for ssl module

Derek Wilson added the comment: actually, i suppose rather than change a bunch of existing functions/methods to handle X509 certs it would make more sense to add new methods to the X509 cert class (like match_hostname) so that old stuff doesn't break. -- __

[issue18369] X509 cert class for ssl module

Derek Wilson added the comment: For ssl.match_hostname to work with this, you need to get the info dict first. I've attached at patch for it. -- nosy: +underrun Added file: http://bugs.python.org/file31047/ssl_pyx509cert_match_hostname_fix.patch ___

[issue18369] X509 cert class for ssl module

Changes by Chris Rebert : -- nosy: +cvrebert ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python

[issue18369] X509 cert class for ssl module

Antoine Pitrou added the comment: > I have slightly different plans. But first, do you agree that the _ssl > C extension and all its methods are consider an internal API? How > about the _ssl module's method returns X509 objects and the Python > module calls methods on the X509 object like get_in

[issue18369] X509 cert class for ssl module

Christian Heimes added the comment: A dict subclass? Oh heck ... I have slightly different plans. But first, do you agree that the _ssl C extension and all its methods are consider an internal API? How about the _ssl module's method returns X509 objects and the Python module calls methods on t

[issue18369] X509 cert class for ssl module

Changes by Michele Orrù : -- nosy: +maker ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.or

[issue18369] X509 cert class for ssl module

Antoine Pitrou added the comment: Yeah, this is probably inevitable. Major concern is how to maintain compatibility with getpeercert() currently returning a dict. Should we make X509 a dict subclass? (yikes :-)) -- ___ Python tracker

[issue18369] X509 cert class for ssl module

New submission from Christian Heimes: I'm working on a X509 certificate class for the SSL module. Eventually methods like getpeercert() are going to return X509 instances and the Python interface can decide if it should return a dict, DER bytes or whatever. IMHO it's a mandatory requirement fo