[issue20469] ssl.getpeercert() should include extensions

2016-09-08 Thread Christian Heimes
Christian Heimes added the comment: We cannot support arbitrary extensions. If you need special extension, then you have to get the raw DER cert and use some library like pyasn1 to parse the cert yourself. PyCA cryptography might help you with that, too. -- resolution: -> wont fix sta

[issue20469] ssl.getpeercert() should include extensions

2014-03-25 Thread A Hettinger
A Hettinger added the comment: The specific thing I'm interested in is the custom extension "1.3.6.1.4.43167.0.0", but all of the X509 data should be imported. Client shows both the openssl and python outputs. I would expect anything the ssl system doesn't explicitly know what to do with, it m

[issue20469] ssl.getpeercert() should include extensions

2014-03-25 Thread A Hettinger
Changes by A Hettinger : Added file: http://bugs.python.org/file34625/cert.pem ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubs

[issue20469] ssl.getpeercert() should include extensions

2014-03-25 Thread A Hettinger
Changes by A Hettinger : Added file: http://bugs.python.org/file34624/Server.py ___ Python tracker ___ ___ Python-bugs-list mailing list Unsub

[issue20469] ssl.getpeercert() should include extensions

2014-03-25 Thread A Hettinger
Changes by A Hettinger : Added file: http://bugs.python.org/file34623/Client.py ___ Python tracker ___ ___ Python-bugs-list mailing list Unsub

[issue20469] ssl.getpeercert() should include extensions

2014-03-24 Thread Antoine Pitrou
Antoine Pitrou added the comment: The ssl module doesn't return all cert contents simply because it isn't easy to do so, or at least AFAICT it isn't. If you look at _decode_certificate() in Modules/_ssl.c you'll see the kind of code that is needed for the few fields that Python currently retur

[issue20469] ssl.getpeercert() should include extensions

2014-03-24 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- stage: test needed -> needs patch ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue20469] ssl.getpeercert() should include extensions

2014-03-24 Thread Terry J. Reedy
Terry J. Reedy added the comment: If you can, write test code that fails now and indicate what success would look like. It can start as a separate file rather than a patch to test_ssl. It does not have to use unittest, though that would be helpful. -- nosy: +terry.reedy stage: -> test

[issue20469] ssl.getpeercert() should include extensions

2014-01-31 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- nosy: +christian.heimes, giampaolo.rodola, janssen, pitrou versions: +Python 3.5 -Python 3.4 ___ Python tracker ___ ___

[issue20469] ssl.getpeercert() should include extensions

2014-01-31 Thread A Hettinger
Changes by A Hettinger : -- type: -> enhancement ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.

[issue20469] ssl.getpeercert() should include extensions

2014-01-31 Thread A Hettinger
New submission from A Hettinger: I have crafted an ssl cert which contains a custom extension, when I check the cert using OpenSSL on the commandline, I clearly see the extension, but when I have the server try to pprint.pprint(s.getpeercert()), I do not see these fields. Overall, I think it