Re: urllib getting SSL certificate info

Ghirai wrote:
Using urllib, is there any way i could access some info about the SSL
certificate (when opening a https url)?

I'm really interested in the fingerprint.

I haven't been able to find anything so far.
you can get some info via (undocumented?) attributes on the file handle:
>>> import urllib
>>> f = urllib.urlopen("https://mail.google.com/")
>>> f.fp
<httplib.SSLFile instance at 0x00CE2508>
['issuer', 'read', 'server', 'write']
>>> f.fp._ssl.issuer()
'/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA'
>>> f.fp._ssl.server()
'/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com'

</F>

Aug 16 '08 #1
Fredrik Lundh wrote:
Ghirai wrote:
>Using urllib, is there any way i could access some info about the SSL
certificate (when opening a https url)?

I'm really interested in the fingerprint.

I haven't been able to find anything so far.

you can get some info via (undocumented?) attributes on the file handle:
>>> import urllib
>>> f = urllib.urlopen("https://mail.google.com/")
>>> f.fp
<httplib.SSLFile instance at 0x00CE2508>
['issuer', 'read', 'server', 'write']
>>> f.fp._ssl.issuer()
'/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA'
>>> f.fp._ssl.server()
'/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com'

</F>
If you really need details from the SSL cert, you usually have to use
M2Crypto. The base SSL package doesn't actually do much with certificates.
It doesn't validate the certificate chain. And those strings of
attributes you can get are ambiguous; data fields may contain unescaped
"/", which is the field separator. I went through this last year and
had to use M2Crypto, which is something of a headache but more or less works.

John Nagle
Aug 17 '08 #2
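
An illustration of the ambiguity described in the post above, added here as an example and not code from any poster in this thread: two different subjects render to the same "/"-separated string, while the tuple form returned by the standard library's ssl.SSLSocket.getpeercert() keeps them apart. The subjects and helper names are constructed for the example.

```python
# Added illustration: the data below is constructed, not from a real certificate.
SHORT = {"countryName": "C", "organizationName": "O", "commonName": "CN"}

def oneline(rdns):
    """Render a name like the legacy issuer()/server() strings:
    '/KEY=value' per attribute, '/' inside values left unescaped."""
    return "".join("/%s=%s" % (SHORT.get(k, k), v) for rdn in rdns for k, v in rdn)

def naive_parse(text):
    """Split the one-line form on '/', as a caller might be tempted to."""
    pairs = []
    for part in text.split("/")[1:]:
        key, _, value = part.partition("=")
        pairs.append((key, value))
    return pairs

def structured_pairs(rdns):
    """Read attributes from the tuple-of-RDNs form that
    ssl.SSLSocket.getpeercert() returns; values are never re-split."""
    return [(SHORT.get(k, k), v) for rdn in rdns for k, v in rdn]

def common_names(pairs):
    """All CN values found in a list of (key, value) pairs."""
    return [v for k, v in pairs if k == "CN"]

# Two different constructed subjects, in getpeercert() shape.
TWO_FIELDS = (
    (("organizationName", "Example Inc"),),
    (("commonName", "mail.example.com"),),
)
ONE_FIELD = (
    (("organizationName", "Example Inc/CN=mail.example.com"),),
)

if __name__ == "__main__":
    for name in (TWO_FIELDS, ONE_FIELD):
        text = oneline(name)
        print(text)
        print("  naive CN:     ", common_names(naive_parse(text)))
        print("  structured CN:", common_names(structured_pairs(name)))
```
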
On Sunday 17 August 2008 20:15:47 John Nagle wrote:
If you really need details from the SSL cert, you usually have to use
M2Crypto. The base SSL package doesn't actually do much with certificates.
It doesn't validate the certificate chain. And those strings of
attributes you can get are ambiguous; data fields may contain unescaped
"/", which is the field separator. I went through this last year and
had to use M2Crypto, which is something of a headache but more or less
works.

John Nagle
Would you mind sharing some code? The module is pretty ugly and on top has no
docs whatsoever; got tired of reading the source...

Thanks.

--
Regards,
Ghirai.
Aug 19 '08 #3
Ghirai wrote:
Would you mind sharing some code? The module is pretty ugly and on top has no
docs whatsoever; got tired of reading the source...
Did you find out the right homepage at
http://chandlerproject.org/Projects/MeTooCrypto? The original author,
ngps, hasn't been involved in the project for years, yet for some reason
his page still comes up first when you search with Google.

The real M2Crypto homepage includes a short SSL howto. In there is a 5
line sample client script. But here is the equivalent of what JP wrote
in M2Crypto:

from M2Crypto import SSL
ctx = SSL.Context('sslv3')
# If you comment out these lines, the connection won't be secure
#ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth=9)
#if ctx.load_verify_locations('ca.pem') != 1: raise Exception('No CA certs')
c = SSL.Connection(ctx)
c.connect(('www.google.com', 443)) # automatically checks cert matches host
c.send('GET / HTTP/1.1\r\n\r\n')
cert = c.get_peer_cert()
print cert.get_issuer() # actually returns X509_Name object
print cert.get_subject() # actually returns X509_Name object

I should point out that M2Crypto really tries to make things safe by
default. For example with SSL, you will have to explicitly request weak
crypto to get SSLv2 and weak ciphers, and by default in client mode it
will check that the certificate hostname matches the hostname you tried
to connect to. You can override these if you want. The examples
typically show how to do things the safe way.

M2Crypto has over 200 unit tests, which I think offer a reasonable way
of checking how to use the API.

You can generate the M2Crypto API documentation yourself, but it is
pretty minimal. I'll see if I can find some cycles to flesh it out.
pyOpenSSL has the API documentation online, arguably in a nicer format
even, but there doesn't seem to be much more of it IMO. Both M2Crypto
and pyOpenSSL recommend you to go read the OpenSSL documentation since
most things are pretty thin wrappers around OpenSSL. But really, for
anyone doing any serious SSL development using OpenSSL or any OpenSSL
wrappers I recommend you go read "Network Security with OpenSSL" by John
Viega, Matt Messier and Pravir Chandra, ISBN 059600270X.

But just for your viewing pleasure, I just generated the M2Crypto API
documentation and put a link to it from the M2Crypto homepage:
http://chandlerproject.org/Projects/MeTooCrypto

--
Heikki Toivonen - http://www.heikkitoivonen.net
Aug 20 '08 #4
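
The fingerprint asked about at the top of the thread, as an added example that is not from any poster: it uses the present-day standard ssl module rather than urllib or M2Crypto, hashes the DER-encoded certificate, and compares the result against a stored pin. The function names and the stand-in bytes are assumptions of the example.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der, algorithm="sha256"):
    """Colon-separated upper-case hex digest of a DER-encoded certificate."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_pin(der, pinned):
    """Constant-time comparison of the SHA-256 fingerprint with a stored pin.
    The pin may be written with or without colons, in either case."""
    have = fingerprint(der).replace(":", "").lower()
    want = pinned.replace(":", "").lower()
    return hmac.compare_digest(have, want)

def fetch_der(host, port=443, timeout=10):
    """Return the server's leaf certificate as DER bytes.
    The default context validates the chain and the hostname first,
    so a fingerprint is only computed for a certificate that verified."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        der = fetch_der(sys.argv[1])      # live lookup, needs network access
    else:
        der = b"constructed stand-in for DER bytes"  # offline demonstration
    print(fingerprint(der))
```
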
