[issue22768] Add a way to get the peer certificate of a SSL Transport

STINNER Victor added the comment: In Python 3.5, it's no more possible to get the peer certificate as binary. See the issue #25114 for a general fix. -- ___ Python tracker ___ _

[issue22768] Add a way to get the peer certificate of a SSL Transport

Changes by Berker Peksag : -- stage: patch review -> resolved ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: h

[issue22768] Add a way to get the peer certificate of a SSL Transport

STINNER Victor added the comment: > Thanks, that indeed works; I don't know why I missed it while reading the > source. Ok, it looks like we can close the issue. > That will be problematic with issue22560. In this case, it should be discussed there. -- resolution: -> not a bug statu

[issue22768] Add a way to get the peer certificate of a SSL Transport

Antoine Pitrou added the comment: > Maybe > transport.get_extra_info('socket').getpeercert(True) > would be okay, no patch needed? That will be problematic with issue22560. The clear-text socket object and the SSL object become unrelated, and it would be logical for get_extra_info('socket') to

[issue22768] Add a way to get the peer certificate of a SSL Transport

Mathieu Pasquet added the comment: >Maybe >transport.get_extra_info('socket').getpeercert(True) >would be okay, no patch needed? Thanks, that indeed works; I don't know why I missed it while reading the source. Maybe the docs could use some clarification, though? (users are not supposed to kno

[issue22768] Add a way to get the peer certificate of a SSL Transport

Guido van Rossum added the comment: Maybe transport.get_extra_info('socket').getpeercert(True) would be okay, no patch needed? On Thu, Oct 30, 2014 at 11:56 AM, Antoine Pitrou wrote: > > Antoine Pitrou added the comment: > > > some methods take parameters (like the offender getpeercert(bool)

[issue22768] Add a way to get the peer certificate of a SSL Transport

Antoine Pitrou added the comment: > some methods take parameters (like the offender getpeercert(bool), or > get_channel_binding() that takes an element of > ssl.CHANNEL_BINDING_TYPES, list that may grow in the future) that need > to be covered in the properties That's a good point. I don't ha

[issue22768] Add a way to get the peer certificate of a SSL Transport

Mathieu Pasquet added the comment: >I'm not sure that would make a difference. We still have to implement >the proxy SSLSocket, which is no easier than adding the extra info by >hand. Or did I misunderstand you? The difference would be that exposing methods can be more future-proof, as some me

[issue22768] Add a way to get the peer certificate of a SSL Transport

Antoine Pitrou added the comment: Thanks for the patch! > other issues of > feature disparity might arise when more people try to switch to asyncio. > Exposing a proxy SSLSocket object for read-only functions might be > more beneficial. I'm not sure that would make a difference. We still have

[issue22768] Add a way to get the peer certificate of a SSL Transport

New submission from Mathieu Pasquet: Currently, the only workaround is to use transport._sock.getpeercert(True) on the Transport returned by loop.create_connection(), which is not something to be encouraged. It is useful to get such information, for example to perform a manual certificate chec