By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,965 Members | 1,450 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,965 IT Pros & Developers. It's quick & easy.

Verify server certificate in HTTPS transaction

P: n/a
Hi,
I'm fetching some files over HTTPS from Python and I want to verify the
server certificate. (Not just the name etc provided in certificate.)

How can I get access to this information?

urllib2 doesn't seem to provide it. Even a raw SSL socket only appears
to provide access to the CN, OU etc in string form (not the raw
certificate).

I tried pycurl, which allows you to setopt(pycurl.SSL_VERIFYPEER) and
VERIFYHOST, but the getinfo(pycurl.SSL_VERIFYRESULT) call always returns
0. Perhaps it's unimplememented?

I couldn't get the M2Crypto API documentation to generate; perhaps it
allows it.

TLS Lite on to of M2Crypto? Something else again?
Thanks
Hamish
Jun 7 '07 #1
Share this Question
Share on Google+
1 Reply


P: n/a
I struggled with that months ago. The SSL library that ships with
Python is primitive, but M2Crypto can do that. M2Crypto will actually
verify the certificate chain. The documentation is weak, it's hard
to build, and there are bugs, but it's the best Python has right now.

John Nagle

Hamish Moffatt wrote:
Hi,
I'm fetching some files over HTTPS from Python and I want to verify the
server certificate. (Not just the name etc provided in certificate.)

How can I get access to this information?

urllib2 doesn't seem to provide it. Even a raw SSL socket only appears
to provide access to the CN, OU etc in string form (not the raw
certificate).

I tried pycurl, which allows you to setopt(pycurl.SSL_VERIFYPEER) and
VERIFYHOST, but the getinfo(pycurl.SSL_VERIFYRESULT) call always returns
0. Perhaps it's unimplememented?

I couldn't get the M2Crypto API documentation to generate; perhaps it
allows it.

TLS Lite on to of M2Crypto? Something else again?
Thanks
Hamish
Jun 8 '07 #2

This discussion thread is closed

Replies have been disabled for this discussion.