New submission from Vex Woo <[email protected]>:
The original get_server_certificate in ssl.py does not support socket timeout,
def get_server_certificate(addr, ssl_version=PROTOCOL_TLS, ca_certs=None):
"""Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
If 'ssl_version' is specified, use it in the connection attempt."""
host, port = addr
if ca_certs is not None:
cert_reqs = CERT_REQUIRED
else:
cert_reqs = CERT_NONE
context = _create_stdlib_context(ssl_version,
cert_reqs=cert_reqs,
cafile=ca_certs)
with create_connection(addr) as sock:
with context.wrap_socket(sock) as sslsock:
dercert = sslsock.getpeercert(True)
return DER_cert_to_PEM_cert(dercert)
If a timeout parameter, a sample demo can be here:
>>> import ssl
>>> ssl.get_server_certificate(("www.qq.com", 443), timeout=6)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/ssl.py", line 1017, in get_server_certificate
with closing(create_connection(addr, timeout)) as sock:
File "/usr/lib/python2.7/socket.py", line 575, in create_connection
raise err
socket.error: [Errno 101] Network is unreachable
----------
components: Library (Lib)
files: ssl.py
messages: 305021
nosy: Nixawk
priority: normal
pull_requests: 4092
severity: normal
status: open
title: add timeout parameter for get_server_certificate in ssl.py
type: enhancement
Added file: https://bugs.python.org/file47238/ssl.py
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue31870>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
